*** This bug is a security vulnerability ***
Public security bug reported:
fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote
attackers to cause a denial of service (crash and persistent mail
failure) via a malformed mail message with long headers, which is not
properly handled when using vsnprintf to format log messages.
** Affects: fetchmail (Ubuntu)
Importance: High
Assignee: Emanuele Gentili (emgent)
Status: In Progress
** Affects: fetchmail (Suse)
Importance: Unknown
Status: Unknown
** Visibility changed to: Public
** Changed in: fetchmail (Ubuntu)
Importance: Undecided => High
Assignee: (unassigned) => Emanuele Gentili (emgent)
Status: New => In Progress
** Bug watch added: Novell/SUSE Bugzilla #354291
https://bugzilla.novell.com/show_bug.cgi?id=354291
** Also affects: fetchmail (Suse) via
https://bugzilla.novell.com/show_bug.cgi?id=354291
Importance: Unknown
Status: Unknown
--
fetchmail denial of service CVE-2008-2711
https://bugs.launchpad.net/bugs/240549
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
