CVE-2010-0562
Summary
| CVE | CVE-2010-0562 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2010-02-08 21:30:00 UTC |
|---|
| Updated | 2011-04-27 04:00:00 UTC |
|---|
| Description | The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Fetchmail Heap Overflow When Displaying SSL Certificates in Verbose Mode May Let Remote Users Execute Arbitrary Code - SecurityTracker |
SECTRACK |
www.securitytracker.com |
|
| Not Found |
CONFIRM |
mknod.org |
|
| fetchmail SSL Certificate Printing Buffer Overflow Vulnerability - Advisories - Community |
SECUNIA |
secunia.com |
Vendor Advisory |
| 62114 |
OSVDB |
osvdb.org |
|
| Fetchmail SSL Certificate Printing Remote Heap Buffer Overflow Vulnerability |
BID |
www.securityfocus.com |
|
| www.fetchmail.info/fetchmail-SA-2010-01.txt |
CONFIRM |
www.fetchmail.info |
Vendor Advisory |
| Support / Security / Advisories / / MDVSA-2010:037 | Mandriva |
MANDRIVA |
www.mandriva.com |
|
| Webmail - OVH |
VUPEN |
www.vupen.com |
Vendor Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| Red Hat | 2010-02-09 | Tomas Hoger | Not vulnerable. This issue did not affect the versions of fetchmail as shipped with Red Hat Enterprise Linux 3, 4, or 5. |
There are currently no legacy QID mappings associated with this CVE.
