CVE-2005-4348
Summary
| CVE | CVE-2005-4348 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-12-21 00:03:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
CompleteAV:N/AC:L/Au:N/C:N/I:N/A:C
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| #343836 - (CVE-2005-4348) Security: DoS attack possible - crashes on empty message - Debian Bug report logs | af854a3a-2127-422b-91ae-364da2661108 | bugs.debian.org | Issue Tracking, Mailing List, Third Party Advisory |
| Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| USN-233-1: fetchmail vulnerability | Ubuntu security notices | af854a3a-2127-422b-91ae-364da2661108 | usn.ubuntu.com | |
| Debian update for fetchmail - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Apple Mac OS X Multiple Security Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Secunia - Advisories - Mandriva update for fetchmail | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Secunia - Advisories - Fedora update for fetchmail | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Security Announcement | af854a3a-2127-422b-91ae-364da2661108 | www.novell.com | Broken Link |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| www.osvdb.org/21906 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | Broken Link |
| Fetchmail - Kostenloser Open Source Mail Daemon | af854a3a-2127-422b-91ae-364da2661108 | fetchmail.berlios.de | Broken Link |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Permissions Required, Third Party Advisory |
| Slackware update for fetchmail - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| www.trustix.org/errata/2006/0002 | af854a3a-2127-422b-91ae-364da2661108 | www.trustix.org | Broken Link |
| Red Hat update for fetchmail - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Debian -- Page not found | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| SGI Advanced Linux Environment 3 Multiple Updates - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Fetchmail Missing Email Header Remote Denial of Service Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| SecurityTracker.com Archives - Fetchmail Can Be Crashed By Remote Users By Sending a Headerless Message | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | Third Party Advisory, VDB Entry |
| Secunia - Advisories - Fetchmail Headerless Message Denial of Service Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| patches.sgi.com/support/free/security/advisories/20070201-01-P.asc | af854a3a-2127-422b-91ae-364da2661108 | patches.sgi.com | Broken Link |
| Secunia - Advisories - Ubuntu update for fetchmail | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Advisories - Mandriva | af854a3a-2127-422b-91ae-364da2661108 | wwwnew.mandriva.com | Third Party Advisory |
| The Slackware Linux Project: Slackware Security Advisories | af854a3a-2127-422b-91ae-364da2661108 | slackware.com | Third Party Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| Trustix update for multiple packages - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Permissions Required, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-01-31 | Mark J Cox | The Red Hat Security Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0018.html This issue did not affect Red Hat Enterprise Linux 2.1 and 3. |
There are currently no legacy QID mappings associated with this CVE.