CVE-2005-2335

Related Files

Debian Linux Security Advisory 774-1

Posted Aug 13, 2005

Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 774-1 - Edward Shornock discovered a bug in the UIDL handling code of fetchmail, a common POP3, APOP and IMAP mail fetching utility. A malicious POP3 server could exploit this problem and inject arbitrary code that will be executed on the victim host. If fetchmail is running as root, this becomes a root exploit.

tags | advisory, arbitrary, root, imap

systems | linux, debian

advisories | CVE-2005-2335

SHA-256 | e30a4b05419887264e05a08c16a5de24bfb39591623bf714786afdb00b2b9703

Download | Favorite | View

fetchmail-SA-2005-01.txt

Posted Jul 28, 2005

Authored by Matthias Andree | Site fetchmail.berlios.de

Fetchmail version 1.02 suffers from a remote code injection vulnerability.

tags | advisory, remote

advisories | CVE-2005-2335

SHA-256 | fc3f1ce80d30fc5169baa1476c5710f9cd636aec98c35ccdc729e1c419f34d2c

Download | Favorite | View

Gentoo Linux Security Advisory 200507-21

Posted Jul 28, 2005

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-21 - fetchmail does not properly validate UIDs coming from a POP3 mail server. The UID is placed in a fixed length buffer on the stack, which can be overflown. Versions less than 6.2.5.2 are affected.

tags | advisory, overflow

systems | linux, gentoo

advisories | CVE-2005-2335

SHA-256 | e183ba8135f58ed6750b8c55799fddc77fe41b5730a1d87bec474be7a913c8cf

Download | Favorite | View