PublicDate: 2007-08-28 01:17:00 UTC
Candidate: CVE-2007-4565
References:
 http://www.fetchmail.info/fetchmail-SA-2007-02.txt
 http://www.securityfocus.com/bid/25495
 https://ubuntu.com/security/notices/USN-520-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565
Description:
 sink.c in fetchmail before 6.3.9 allows context-dependent attackers to
 cause a denial of service (NULL dereference and application crash) by
 refusing certain warning messages that are sent over SMTP.
Ubuntu-Description:
 Earl Chew discovered that fetchmail can be made to de-reference a NULL
 pointer when contacting SMTP servers. This vulnerability can be used
 by attackers who control the SMTP server to crash fetchmail and cause
 a denial of service. (CVE-2007-4565)
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
upstream_fetchmail: released (6.3.9)
dapper_fetchmail: released (6.3.2-2ubuntu2.2)
edgy_fetchmail: released (6.3.4-1ubuntu4.2)
feisty_fetchmail: released (6.3.6-1ubuntu2.1)
devel_fetchmail: released (6.3.8-8ubuntu1)