FreeBSD : fetchmail -- STARTTLS denial of service (f7d838f2-9039-11e0-a051-080027ef73ec)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthias Andree reports :

Fetchmail version 5.9.9 introduced STLS support for POP3, version
6.0.0 added STARTTLS for IMAP. However, the actual
S(TART)TLS-initiated in-band SSL/TLS negotiation was not guarded by a
timeout.

Depending on the operating system defaults as to TCP stream keepalive
mode, fetchmail hangs in excess of one week after sending STARTTLS
were observed if the connection failed without notifying the operating
system, for instance, through network outages or hard server crashes.

A malicious server that does not respond, at the network level, after
acknowledging fetchmail's STARTTLS or STLS request, can hold fetchmail
in this protocol state, and thus render fetchmail unable to complete
the poll, or proceed to the next server, effecting a denial of
service.

SSL-wrapped mode on dedicated ports was unaffected by this problem, so
can be used as a workaround.

See also :

http://www.fetchmail.info/fetchmail-SA-2011-01.txt
http://www.nessus.org/u?cd3a3c90
http://www.nessus.org/u?c68b032d

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 54983 ()

Bugtraq ID:

CVE ID: CVE-2011-1947

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now