CVE-2005-4348 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2005-4348?

CVE-2005-4348 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-4348?

Check the references section above for vendor advisories and patch information. Affected products include: Fetchmail Fetchmail.

Vulnerability Description

fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Fetchmail	Fetchmail	>= 6.2.0, < 6.2.5.5

Related Weaknesses (CWE)

CWE-399

References

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.ascBroken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836Issue TrackingMailing ListThird Party Advisory
http://fetchmail.berlios.de/fetchmail-SA-2005-03.txtBroken Link
http://secunia.com/advisories/17891Third Party Advisory
http://secunia.com/advisories/18172Third Party Advisory
http://secunia.com/advisories/18231Third Party Advisory
http://secunia.com/advisories/18266Third Party Advisory
http://secunia.com/advisories/18433Third Party Advisory
http://secunia.com/advisories/18463Third Party Advisory
http://secunia.com/advisories/18895Third Party Advisory
http://secunia.com/advisories/21253Third Party Advisory
http://secunia.com/advisories/24007Third Party Advisory
http://secunia.com/advisories/24284Third Party Advisory
http://securitytracker.com/id?1015383Third Party AdvisoryVDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackwareThird Party Advisory

FAQ

What is CVE-2005-4348?

CVE-2005-4348 is a vulnerability with a CVSS score of 7.8 (HIGH). fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstrea...

How severe is CVE-2005-4348?

CVE-2005-4348 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4348?

Check the references section above for vendor advisories and patch information. Affected products include: Fetchmail Fetchmail.