[VIM] CVE-2005-2335 (fetchmail)

Steven M. Christey coley at linus.mitre.org
Wed Jul 27 00:09:45 EDT 2005

On Tue, 26 Jul 2005, Sullo wrote:

> Steve,
> secunia is referencing CVE-2005-2335 regarding a fetchmail vuln, but
> that one doesn't seem to exist. I don't see it via search, either...
> someone missing something?

It should have been CAN-2005-2335 (not CVE), which a Google search will
produce a couple examples.

This kind of inconsistency is one of the main reasons why we're getting
rid of the dual naming scheme and just sticking with the CVE prefix
(status codes will say whether they're CANs or CVEs.)

By the way, Fedora introduced a typo for the same issue - CAN-2005-2355 -
but that will be heavily flagged by CVE as being the wrong number.

See below.

- Steve

Candidate: CAN-2005-2335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335
Reference: CONFIRM:http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
Reference: CONFIRM:http://developer.berlios.de/project/shownotes.php?release_id=6617
Reference: FEDORA:FEDORA-2005-613
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00088.html
Reference: FEDORA:FEDORA-2005-614
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00089.html
Reference: BID:14349
Reference: URL:http://www.securityfocus.com/bid/14349
Reference: FRSIRT:ADV-2005-1171
Reference: URL:http://www.frsirt.com/english/advisories/2005/1171
Reference: SECUNIA:16176
Reference: URL:http://secunia.com/advisories/16176

Buffer overflow in the POP3 client in Fetchmail before allows
remote POP3 servers to cause a denial of service and possibly execute
arbitrary code via long UIDL responses.  NOTE: a typo in an advisory
accidentally used the wrong CVE identifier for the Fetchmail issue.
This is the correct identifier.

Candidate: CAN-2005-2355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2355
Reference: MISC:http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html

** REJECT **

CAN-2005-2356.  Reason: due to a typo in an advisory, this candidate
was accidentally referenced.  Notes: All CVE users should consult
CAN-2005-2335 and CAN-2005-2356 to determine the appropriate
identifier for the issue.

More information about the VIM mailing list