CVE-2011-1947

Related Files

Slackware Security Advisory - Fetchmail STARTTLS

Posted Jun 21, 2011

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - fetchmail packages have been updated to fix a denial of service vulnerability in the STARTTLS protocol phases.

tags | advisory, denial of service, protocol

systems | linux, slackware

advisories | CVE-2011-1947

SHA-256 | e105c721442a8baa6254dc4effec15470371d9e6558d8ceb8b547b3371e8cddb

Download | Favorite | View

Mandriva Linux Security Advisory 2011-107

Posted Jun 7, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-107 - fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted message header or POP3 UIDL list. fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a STLS request, which allows remote servers to cause a denial of service by acknowledging the request but not sending additional packets.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2010-1167, CVE-2011-1947

SHA-256 | f76d34b17f631223e59aa2ba6e51c25370839677d0b8989b2ea46fc400d18a12

Download | Favorite | View

Fetchmail STARTTLS Denial Of Service

Posted Jun 7, 2011

Authored by Matthias Andree

Fetchmail suffers from a denial of service vulnerability in the STARTTLS protocol phases. Versions 5.9.9 up to and including 6.3.19 are affected.

tags | advisory, denial of service, protocol

advisories | CVE-2011-1947

SHA-256 | 1489e4cc4ce52c41a58894cd8f7579dfc567612fec359ebe3eb13209676c068f

Download | Favorite | View