{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-30T00:00:00", "descriptions": [{"lang": "en", "value": "fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/05/31/17"}, {"name": "48043", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48043"}, {"name": "FEDORA-2011-8011", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html"}, {"name": "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/05/31/12"}, {"name": "[oss-security] 20110530 CVE request for fetchmail STARTTLS hang (Denial of Service)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/05/30/1"}, {"name": "20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/518251/100/0/threaded"}, {"name": "FEDORA-2011-8059", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt"}, {"name": "1025605", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025605"}, {"name": "MDVSA-2011:107", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:107"}, {"name": "FEDORA-2011-8021", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.fetchmail.info/fetchmail-SA-2011-01.txt"}, {"name": "[oss-security] 20110601 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/06/01/2"}, {"name": "fetchmail-starttls-dos(67700)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67700"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1947", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/31/17"}, {"name": "48043", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48043"}, {"name": "FEDORA-2011-8011", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html"}, {"name": "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/31/12"}, {"name": "[oss-security] 20110530 CVE request for fetchmail STARTTLS hang (Denial of Service)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/30/1"}, {"name": "20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/518251/100/0/threaded"}, {"name": "FEDORA-2011-8059", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html"}, {"name": "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt", "refsource": "CONFIRM", "url": "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt"}, {"name": "1025605", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025605"}, {"name": "MDVSA-2011:107", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:107"}, {"name": "FEDORA-2011-8021", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html"}, {"name": "http://www.fetchmail.info/fetchmail-SA-2011-01.txt", "refsource": "CONFIRM", "url": "http://www.fetchmail.info/fetchmail-SA-2011-01.txt"}, {"name": "[oss-security] 20110601 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/06/01/2"}, {"name": "fetchmail-starttls-dos(67700)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67700"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:46:00.839Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/05/31/17"}, {"name": "48043", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48043"}, {"name": "FEDORA-2011-8011", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html"}, {"name": "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/05/31/12"}, {"name": "[oss-security] 20110530 CVE request for fetchmail STARTTLS hang (Denial of Service)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/05/30/1"}, {"name": "20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/518251/100/0/threaded"}, {"name": "FEDORA-2011-8059", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt"}, {"name": "1025605", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025605"}, {"name": "MDVSA-2011:107", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:107"}, {"name": "FEDORA-2011-8021", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.fetchmail.info/fetchmail-SA-2011-01.txt"}, {"name": "[oss-security] 20110601 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/06/01/2"}, {"name": "fetchmail-starttls-dos(67700)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67700"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1947", "datePublished": "2011-06-02T19:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.839Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fetchmail:fetchmail:5.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "6163235A-1041-40D2-A5FA-1D4B80F40347", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:5.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "1258CA65-FBC1-4848-A9E5-A8F5E5D6FBD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:5.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "A91C6418-41F0-46EB-ACFC-FCE907F5AA87", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:5.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "0C020534-7596-496C-B9B0-739F58F6F4EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A77D40C-6FF5-42BD-9EFB-B532824D7606", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F04C6A76-2718-4DBA-8972-A3EECDDB1A17", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "38ACD96E-5582-4ED0-BBB1-C891094D8217", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "264386DA-747F-492C-B660-D49BE9DB7139", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC4066AC-BE10-4189-86F6-BF94443738DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C25A146-50D5-4BA2-ABA2-20BF8784D7DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "72E76256-997F-4229-9B03-7BC3074F359D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A717C50-2C5A-4CD1-B2E6-8CDF450940CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "61F908FF-9986-4F71-B0B6-D6A86555EF56", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0C1F99C-A246-40D3-B84A-5D11FF24AC1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "028F7F83-AF15-443B-A7DB-4E695E62EAFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B418C3CE-E6E6-401D-AD83-5BB181009A7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre4:*:*:*:*:*:*", "matchCriteriaId": "8BF06FD2-0A4C-4557-B8EF-F0F021179498", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre8:*:*:*:*:*:*", "matchCriteriaId": "38C949C2-07A0-4FE4-8FBF-86215CB999CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.6:pre9:*:*:*:*:*:*", "matchCriteriaId": "88B23630-79DD-4B69-BB01-286193BA562E", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc10:*:*:*:*:*:*", "matchCriteriaId": "5FE21564-68C0-4765-BA40-9D3046C4CB14", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "208102ED-6F22-44C5-BAF1-FD85EACF208F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc4:*:*:*:*:*:*", "matchCriteriaId": "C1CF7767-EB24-44E2-8E59-B4DBC99AFD23", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc5:*:*:*:*:*:*", "matchCriteriaId": "CF3D6D4C-5FD8-4EE1-A34A-99D397F09E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc7:*:*:*:*:*:*", "matchCriteriaId": "D63D88C1-B201-4D48-9659-5802DC4FD3EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc8:*:*:*:*:*:*", "matchCriteriaId": "16463B23-E884-467E-9F63-6B57EED39856", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.2.9:rc9:*:*:*:*:*:*", "matchCriteriaId": "9F2C03AF-666D-4AF6-BC69-F8B081EB41AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "84F90AFA-4B13-46A0-89D7-4065300C94C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5DAD0F05-8B55-43ED-89D5-61A19F41EDFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "99053698-7F8B-4E71-8647-1A8B0DF7CEB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9314F22D-22A8-4374-A2BF-3C64CF1F69BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "816E9640-A932-4E2F-9793-689F80D2AA89", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5D09BB43-6CBA-499B-91D1-BA256A65E40D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "ABE76611-08CE-4D85-B57A-021909835A81", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "B98AFEDF-2BAB-4588-94E0-35AEA5F1B514", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "4E8BAB5B-4DBC-4D05-B5E2-591573BC05FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "02F6E729-A2F2-42AC-A941-F57A0A4E84A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "4143D519-4B49-4E71-8686-FC6A095F0999", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc5:*:*:*:*:*:*", "matchCriteriaId": "387ADB82-4FAD-44DA-ABF2-2F4645C4F1E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "CED4FBCB-B6DF-429D-871D-2A9F7F59E63B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "237F86BD-82CD-4A37-BF64-F103B1304F0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "667847D9-58DD-4693-B544-593AC6D7746D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "12BA2E29-5547-45F5-BC46-1A7B4A222055", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "C44EA07A-D8A9-4E43-AE2D-B9E41944CB07", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "F9882EBF-72D0-4C4F-99BA-929418B5D86B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "EE474E7E-EEE8-45E4-A995-A437CE7C08CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "2F96F2F2-B6CC-4138-8F9C-4CB906EDACDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "22D580D8-FE6D-40E9-88A5-751A9C8CBAA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "7C7E909A-F8F7-4FB1-8659-41A47C9B7C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "FDBC29B9-EC76-4F2C-BD00-A57C0D4B99EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "4C8896BE-EF89-4F2C-9356-96745005E3AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "39E249FA-4A13-4945-A632-0A8D24CE594A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "6126F184-8470-49B7-A801-F671DEF24247", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets."}, {"lang": "es", "value": "fetchmail v5.9.9 a la v6.3.19 no limita correctamente el tiempo de espera despu\u00e9s de la emisi\u00f3n de una solicitud (1) STARTTLS o (2) STLS, lo que permite a los servidores remotos provocar una denegaci\u00f3n de servicio (bloqueo de la aplicaci\u00f3n) al hacer un ACK de la solicitud y no enviando posteriormente paquetes adicionales."}], "id": "CVE-2011-1947", "lastModified": "2024-11-21T01:27:21.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-06-02T19:55:03.903", "references": [{"source": "secalert@redhat.com", "url": "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/05/30/1"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/05/31/12"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/05/31/17"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/06/01/2"}, {"source": "secalert@redhat.com", "url": "http://www.fetchmail.info/fetchmail-SA-2011-01.txt"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:107"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/518251/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48043"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1025605"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/05/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/05/31/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/05/31/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/06/01/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.fetchmail.info/fetchmail-SA-2011-01.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/518251/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48043"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67700"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "fetchmail: Application hang due unguarded blocking I/O in IMAP/POP3 STARTTLS initialization (fetchmail-SA-2011-01)", "id": "709284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709284"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets."], "name": "CVE-2011-1947", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "fetchmail", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "fetchmail", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "fetchmail", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2011-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1947\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1947"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "fetchmail 6.3.20"}