[VIM] CVE-2005-2335 (fetchmail)
Steven M. Christey
coley at linus.mitre.org
Wed Jul 27 00:09:45 EDT 2005
On Tue, 26 Jul 2005, Sullo wrote:
> secunia is referencing CVE-2005-2335 regarding a fetchmail vuln, but
> that one doesn't seem to exist. I don't see it via search, either...
> someone missing something?
It should have been CAN-2005-2335 (not CVE), which a Google search will
produce a couple examples.
This kind of inconsistency is one of the main reasons why we're getting
rid of the dual naming scheme and just sticking with the CVE prefix
(status codes will say whether they're CANs or CVEs.)
By the way, Fedora introduced a typo for the same issue - CAN-2005-2355 -
but that will be heavily flagged by CVE as being the wrong number.
Buffer overflow in the POP3 client in Fetchmail before 220.127.116.11 allows
remote POP3 servers to cause a denial of service and possibly execute
arbitrary code via long UIDL responses. NOTE: a typo in an advisory
accidentally used the wrong CVE identifier for the Fetchmail issue.
This is the correct identifier.
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-2335,
CAN-2005-2356. Reason: due to a typo in an advisory, this candidate
was accidentally referenced. Notes: All CVE users should consult
CAN-2005-2335 and CAN-2005-2356 to determine the appropriate
identifier for the issue.
More information about the VIM