CVE-2005-4348

Summary

CVE	CVE-2005-4348
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-12-21 00:03:00 UTC
Updated	2018-10-19 15:40:00 UTC
Description	fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.

Risk And Classification

Problem Types: CWE-399

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Fetchmail	Fetchmail	All	All	All	All
Application	Fetchmail	Fetchmail	All	All	All	All

References

Reference	Source	Link	Tags
USN-233-1: fetchmail vulnerability \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
21906	OSVDB	www.osvdb.org	Broken Link
Fetchmail - Kostenloser Open Source Mail Daemon	CONFIRM	fetchmail.berlios.de	Broken Link
SGI Advanced Linux Environment 3 Multiple Updates - Advisories - Secunia	SECUNIA	secunia.com	Third Party Advisory
Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com	Third Party Advisory
SecurityTracker.com Archives - Fetchmail Can Be Crashed By Remote Users By Sending a Headerless Message	SECTRACK	securitytracker.com	Third Party Advisory, VDB Entry
Webmail - OVH	VUPEN	www.vupen.com	Permissions Required, Third Party Advisory
Webmail - OVH	VUPEN	www.vupen.com	Permissions Required, Third Party Advisory
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Third Party Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Repository / Oval Repository	OVAL	oval.cisecurity.org	Third Party Advisory
Secunia - Advisories - Fedora update for fetchmail	SECUNIA	secunia.com	Third Party Advisory
20070201-01-P	SGI	patches.sgi.com	Broken Link
Secunia - Advisories - Ubuntu update for fetchmail	SECUNIA	secunia.com	Third Party Advisory
Secunia - Advisories - Fetchmail Headerless Message Denial of Service Vulnerability	SECUNIA	secunia.com	Third Party Advisory
Apple Mac OS X Multiple Security Vulnerabilities	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
SecurityFocus	BUGTRAQ	www.securityfocus.com
Fetchmail Missing Email Header Remote Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com	Third Party Advisory, VDB Entry
Secunia - Advisories - Mandriva update for fetchmail	SECUNIA	secunia.com	Third Party Advisory
Red Hat update for fetchmail - Advisories - Secunia	SECUNIA	secunia.com	Third Party Advisory
#343836 - (CVE-2005-4348) Security: DoS attack possible - crashes on empty message - Debian Bug report logs	MISC	bugs.debian.org	Issue Tracking, Mailing List, Third Party Advisory
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	slackware.com	Third Party Advisory
Advisories - Mandriva	MANDRIVA	wwwnew.mandriva.com	Third Party Advisory
Security Announcement	SUSE	www.novell.com	Broken Link
Trustix update for multiple packages - Advisories - Secunia	SECUNIA	secunia.com	Third Party Advisory
Slackware update for fetchmail - Advisories - Secunia	SECUNIA	secunia.com	Third Party Advisory
2006-0002	TRUSTIX	www.trustix.org	Broken Link
Debian update for fetchmail - Advisories - Secunia	SECUNIA	secunia.com	Third Party Advisory
Debian -- Page not found	DEBIAN	www.debian.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-01-31	Mark J Cox	The Red Hat Security Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0018.html This issue did not affect Red Hat Enterprise Linux 2.1 and 3.

There are currently no legacy QID mappings associated with this CVE.