10

CVE-2001-1009

Exploit
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FetchmailFetchmail Version <= 5.8.14
FetchmailFetchmail Version4.5.1
FetchmailFetchmail Version4.5.2
FetchmailFetchmail Version4.5.3
FetchmailFetchmail Version4.5.4
FetchmailFetchmail Version4.5.5
FetchmailFetchmail Version4.5.6
FetchmailFetchmail Version4.5.7
FetchmailFetchmail Version4.5.8
FetchmailFetchmail Version4.6.0
FetchmailFetchmail Version4.6.1
FetchmailFetchmail Version4.6.2
FetchmailFetchmail Version4.6.3
FetchmailFetchmail Version4.6.4
FetchmailFetchmail Version4.6.5
FetchmailFetchmail Version4.6.6
FetchmailFetchmail Version4.6.7
FetchmailFetchmail Version4.6.8
FetchmailFetchmail Version4.6.9
FetchmailFetchmail Version4.7.0
FetchmailFetchmail Version4.7.1
FetchmailFetchmail Version4.7.2
FetchmailFetchmail Version4.7.3
FetchmailFetchmail Version4.7.4
FetchmailFetchmail Version4.7.5
FetchmailFetchmail Version4.7.6
FetchmailFetchmail Version4.7.7
FetchmailFetchmail Version5.0.0
FetchmailFetchmail Version5.0.1
FetchmailFetchmail Version5.0.2
FetchmailFetchmail Version5.0.3
FetchmailFetchmail Version5.0.4
FetchmailFetchmail Version5.0.5
FetchmailFetchmail Version5.0.6
FetchmailFetchmail Version5.0.7
FetchmailFetchmail Version5.0.8
FetchmailFetchmail Version5.1.0
FetchmailFetchmail Version5.1.4
FetchmailFetchmail Version5.2.0
FetchmailFetchmail Version5.2.1
FetchmailFetchmail Version5.2.3
FetchmailFetchmail Version5.2.4
FetchmailFetchmail Version5.2.7
FetchmailFetchmail Version5.2.8
FetchmailFetchmail Version5.3.0
FetchmailFetchmail Version5.3.1
FetchmailFetchmail Version5.3.3
FetchmailFetchmail Version5.3.8
FetchmailFetchmail Version5.4.0
FetchmailFetchmail Version5.4.3
FetchmailFetchmail Version5.4.4
FetchmailFetchmail Version5.4.5
FetchmailFetchmail Version5.5.0
FetchmailFetchmail Version5.5.2
FetchmailFetchmail Version5.5.3
FetchmailFetchmail Version5.5.5
FetchmailFetchmail Version5.5.6
FetchmailFetchmail Version5.6.0
FetchmailFetchmail Version5.7.0
FetchmailFetchmail Version5.7.2
FetchmailFetchmail Version5.7.4
FetchmailFetchmail Version5.8
FetchmailFetchmail Version5.8.1
FetchmailFetchmail Version5.8.2
FetchmailFetchmail Version5.8.3
FetchmailFetchmail Version5.8.4
FetchmailFetchmail Version5.8.5
FetchmailFetchmail Version5.8.6
FetchmailFetchmail Version5.8.11
FetchmailFetchmail Version5.8.13
FetchmailFetchmail Version5.9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.52% 0.929
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html
Patch
Vendor Advisory
Exploit
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419
http://www.debian.org/security/2001/dsa-071
http://www.iss.net/security_center/static/6965.php
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3
http://www.linuxsecurity.com/advisories/other_advisory-1555.html
Patch
Vendor Advisory
http://www.novell.com/linux/security/advisories/2001_026_fetchmail_txt.html
http://www.redhat.com/support/errata/RHSA-2001-103.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3164
Patch
Vendor Advisory
Exploit
http://www.securityfocus.com/bid/3166
Patch
Vendor Advisory
Exploit