CVE-2011-1947

Severity

50%

Complexity

99%

Confidentiality

48%

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Fetchmail

First reported 13 years ago

2011-06-02 19:55:00

Last updated 6 years ago

2018-10-09 19:32:00

Affected Software

Fetchmail 5.9.10

5.9.10

Fetchmail 5.9.11

5.9.11

Fetchmail 5.9.13

5.9.13

Fetchmail 6.0.0

6.0.0

Fetchmail 6.1.0

6.1.0

Fetchmail 6.1.3

6.1.3

Fetchmail 6.2.0

6.2.0

Fetchmail 6.2.1

6.2.1

Fetchmail 6.2.2

6.2.2

Fetchmail 6.2.3

6.2.3

Fetchmail 6.2.4

6.2.4

Fetchmail 6.2.5

6.2.5

Fetchmail 6.2.5.1

6.2.5.1

Fetchmail 6.2.5.2

6.2.5.2

Fetchmail 6.2.5.4

6.2.5.4

Fetchmail 6.2.6 pre4

6.2.6

Fetchmail 6.2.6 pre8

6.2.6

Fetchmail 6.2.6 pre9

6.2.6

Fetchmail 6.2.9 release candidate 10

6.2.9

Fetchmail 6.2.9 release candidate 3

6.2.9

Fetchmail 6.2.9 release candidate 4

6.2.9

Fetchmail 6.2.9 release candidate 5

6.2.9

Fetchmail 6.2.9 release candidate 7

6.2.9

Fetchmail 6.2.9 release candidate 8

6.2.9

Fetchmail 6.2.9 release candidate 9

6.2.9

Fetchmail 6.3.0

6.3.0

Fetchmail 6.3.1

6.3.1

Fetchmail 6.3.2

6.3.2

Fetchmail 6.3.3

6.3.3

Fetchmail 6.3.4

6.3.4

Fetchmail 6.3.5

6.3.5

Fetchmail 6.3.6

6.3.6

Fetchmail 6.3.6 release candidate 1

6.3.6

Fetchmail 6.3.6 release candidate 2

6.3.6

Fetchmail 6.3.6 release candidate 3

6.3.6

Fetchmail 6.3.6 release candidate 4

6.3.6

Fetchmail 6.3.6 release candidate 5

6.3.6

Fetchmail 6.3.7

6.3.7

Fetchmail 6.3.8

6.3.8

Fetchmail 6.3.9

6.3.9

Fetchmail 6.3.9 release candidate 2

6.3.9

Fetchmail 6.3.10

6.3.10

Fetchmail 6.3.11

6.3.11

Fetchmail 6.3.12

6.3.12

Fetchmail 6.3.13

6.3.13

Fetchmail 6.3.14

6.3.14

Fetchmail 6.3.15

6.3.15

Fetchmail 6.3.16

6.3.16

Fetchmail 6.3.17

6.3.17

Fetchmail 6.3.18

6.3.18

Fetchmail 6.3.19

6.3.19

References

http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt

FEDORA-2011-8059

FEDORA-2011-8011

FEDORA-2011-8021

[oss-security] 20110530 CVE request for fetchmail STARTTLS hang (Denial of Service)

[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)

[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)

[oss-security] 20110601 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)

http://www.fetchmail.info/fetchmail-SA-2011-01.txt

MDVSA-2011:107

20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)

48043

1025605

fetchmail-starttls-dos(67700)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.