FreeBSD : fetchmail -- potential crash in -v -v verbose mode (168190df-3e9a-11dd-87bc-000ea69a5213)

Medium Nessus Plugin ID 33239


The remote FreeBSD host is missing a security-related update.


Matthias Andree reports :

Gunter Nau reported fetchmail crashing on some messages; further debugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic dug up that this happened when fetchmail was trying to print, in -v -v verbose level, headers exceeding 2048 bytes. In this situation, fetchmail would resize the buffer and fill in further parts of the message, but forget to reinitialize its va_list typed source pointer, thus reading data from a garbage address found on the stack at addresses above the function arguments the caller passed in; usually that would be the caller's stack frame.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 33239

File Name: freebsd_pkg_168190df3e9a11dd87bc000ea69a5213.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2008/06/24

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:fetchmail, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2008/06/20

Vulnerability Publication Date: 2008/06/13

Reference Information

CVE: CVE-2008-2711

CWE: 20