CVE-2011-1947 - Resource Management Errors vulnerability in Fetchmail
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
Nessus
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-8021.NASL
  description: This update fixes CVE-2011-1947. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55390
  published: 2011-06-22
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/55390
  title: Fedora 14 : fetchmail-6.3.20-1.fc14 (2011-8021)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-8059.NASL
  description: This update fixes CVE-2011-1947. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55393
  published: 2011-06-22
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/55393
  title: Fedora 13 : fetchmail-6.3.20-1.fc13 (2011-8059)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-8011.NASL
  description: This update fixes CVE-2011-1947. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55389
  published: 2011-06-22
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/55389
  title: Fedora 15 : fetchmail-6.3.20-1.fc15 (2011-8011)
- NASL family: Slackware Local Security Checks
  NASL id: SLACKWARE_SSA_2011-171-01.NASL
  description: New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55173
  published: 2011-06-21
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/55173
  title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2011-171-01)
- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_F7D838F2903911E0A051080027EF73EC.NASL
  description: Matthias Andree reports : Fetchmail version 5.9.9 introduced STLS support for POP3, version 6.0.0 added STARTTLS for IMAP. However, the actual S(TART)TLS-initiated in-band SSL/TLS negotiation was not guarded by a timeout. Depending on the operating system defaults as to TCP stream keepalive mode, fetchmail hangs in excess of one week after sending STARTTLS were observed if the connection failed without notifying the operating system, for instance, through network outages or hard server crashes. A malicious server that does not respond, at the network level, after acknowledging fetchmail
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 54983
  published: 2011-06-07
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/54983
  title: FreeBSD : fetchmail -- STARTTLS denial of service (f7d838f2-9039-11e0-a051-080027ef73ec)
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2011-107.NASL
  description: Multiple vulnerabilities were discovered and corrected in fetchmail : fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list (CVE-2010-1167). NOTE: This vulnerability did not affect Mandriva Linux 2010.2. fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets (CVE-2011-1947). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to the 6.3.20 version which is not vulnerable to these issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 54991
  published: 2011-06-08
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/54991
  title: Mandriva Linux Security Advisory : fetchmail (MDVSA-2011:107)
References
- http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html
- http://openwall.com/lists/oss-security/2011/05/30/1
- http://openwall.com/lists/oss-security/2011/05/31/12
- http://openwall.com/lists/oss-security/2011/05/31/17
- http://openwall.com/lists/oss-security/2011/06/01/2
- http://www.fetchmail.info/fetchmail-SA-2011-01.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:107
- http://www.securityfocus.com/archive/1/518251/100/0/threaded
- http://www.securityfocus.com/bid/48043
- http://www.securitytracker.com/id?1025605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67700