[VIM] CVE-2005-2335 (fetchmail)

Sullo sullo at cirt.net
Wed Jul 27 00:21:29 EDT 2005


I think maybe I misspoke, sorta. Secunia references CAN-2005-2335... but 
the link doesn't seem to work:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335

The original advisory lists CAN-2005-2335...
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt

Something just isn't right, or it's too late in the night for me to 
figure it out :-)

Steven M. Christey wrote:

>On Tue, 26 Jul 2005, Sullo wrote:
>
>>Steve,
>>
>>Secunia is referencing CVE-2005-2335 regarding a fetchmail vuln, but
>>that one doesn't seem to exist. I don't see it via search, either...
>>someone missing something?
>
>It should have been CAN-2005-2335 (not CVE), for which a Google search will
>produce a couple of examples.
>
>This kind of inconsistency is one of the main reasons why we're getting
>rid of the dual naming scheme and just sticking with the CVE prefix
>(status codes will say whether they're CANs or CVEs.)
>
>By the way, Fedora introduced a typo for the same issue - CAN-2005-2355 -
>but that will be heavily flagged by CVE as being the wrong number.
>
>See below.
>
>- Steve
>
>
>======================================================
>Candidate: CAN-2005-2335
>URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335
>Reference: CONFIRM:http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
>Reference: CONFIRM:http://developer.berlios.de/project/shownotes.php?release_id=6617
>Reference: FEDORA:FEDORA-2005-613
>Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00088.html
>Reference: FEDORA:FEDORA-2005-614
>Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00089.html
>Reference: BID:14349
>Reference: URL:http://www.securityfocus.com/bid/14349
>Reference: FRSIRT:ADV-2005-1171
>Reference: URL:http://www.frsirt.com/english/advisories/2005/1171
>Reference: SECUNIA:16176
>Reference: URL:http://secunia.com/advisories/16176
>
>Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows
>remote POP3 servers to cause a denial of service and possibly execute
>arbitrary code via long UIDL responses.  NOTE: a typo in an advisory
>accidentally used the wrong CVE identifier for the Fetchmail issue.
>This is the correct identifier.
>
>
>======================================================
>Candidate: CAN-2005-2355
>URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2355
>Reference: MISC:http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html
>
>** REJECT **
>
>DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-2335,
>CAN-2005-2356.  Reason: due to a typo in an advisory, this candidate
>was accidentally referenced.  Notes: All CVE users should consult
>CAN-2005-2335 and CAN-2005-2356 to determine the appropriate
>identifier for the issue.
>


-- 

http://www.cirt.net/      |     http://www.osvdb.org/
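
The lookup problem discussed in this thread, as an added example that is not part of the original messages: a small resolver that folds the CAN-/CVE- prefixes into one form and flags a cited number whose entry is marked REJECT, returning its ConsultIDs. The function names are hypothetical, and the sample is constructed from an abridged copy of the two entries quoted above.

```python
import re

# Constructed sample: the two candidate entries quoted in the thread, abridged.
SAMPLE = """\
======================================================
Candidate: CAN-2005-2335
Reference: SECUNIA:16176

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2.
======================================================
Candidate: CAN-2005-2355
Reference: MISC:http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-2335,
CAN-2005-2356.  Reason: due to a typo in an advisory, this candidate
was accidentally referenced.
"""

ID_RE = re.compile(r"\b(?:CAN|CVE)-(\d{4})-(\d{4,})\b")

def normalize(identifier):
    """Map CAN-YYYY-NNNN or CVE-YYYY-NNNN to the single CVE- prefix."""
    m = ID_RE.fullmatch(identifier.strip().upper())
    if not m:
        raise ValueError(f"not a CVE/CAN identifier: {identifier!r}")
    return f"CVE-{m.group(1)}-{m.group(2)}"

def parse_entries(text):
    """Return {normalized id: {"rejected": bool, "consult": [ids]}}."""
    entries = {}
    for block in re.split(r"^=+[ \t]*$", text, flags=re.M):
        head = re.search(r"^Candidate:\s*(\S+)", block, flags=re.M)
        if not head:
            continue
        # ConsultIDs may wrap across lines; the list ends at the first ". "
        m = re.search(r"ConsultIDs:(.*?)\.\s", block, flags=re.S)
        ids = [f"CVE-{y}-{n}" for y, n in ID_RE.findall(m.group(1))] if m else []
        entries[normalize(head.group(1))] = {
            "rejected": "** REJECT **" in block, "consult": ids}
    return entries

def resolve(identifier, entries):
    """Return (normalized id, status, consult ids) for a cited identifier."""
    cve = normalize(identifier)
    entry = entries.get(cve)
    if entry is None:
        return cve, "unknown", []
    return cve, "rejected" if entry["rejected"] else "ok", entry["consult"]
```
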


