[VIM] CVE-2005-2335 (fetchmail)
sullo at cirt.net
Wed Jul 27 00:21:29 EDT 2005
I think maybe I misspoke, sorta. Secunia references CAN-2005-2335... but
the link doesn't seem to work:
The original advisory lists CAN-2005-2335...
Something just isn't right, or it's too late in the night for me to
figure it out :-)
Steven M. Christey wrote:
>On Tue, 26 Jul 2005, Sullo wrote:
>>Secunia is referencing CVE-2005-2335 regarding a fetchmail vuln, but
>>that one doesn't seem to exist. I don't see it via search, either...
>>someone missing something?
>It should have been CAN-2005-2335 (not CVE), for which a Google search will
>produce a couple of examples.
>This kind of inconsistency is one of the main reasons why we're getting
>rid of the dual naming scheme and just sticking with the CVE prefix
>(status codes will say whether they're CANs or CVEs.)
>By the way, Fedora introduced a typo for the same issue - CAN-2005-2355 -
>but that will be heavily flagged by CVE as being the wrong number.
>Buffer overflow in the POP3 client in Fetchmail before 18.104.22.168 allows
>remote POP3 servers to cause a denial of service and possibly execute
>arbitrary code via long UIDL responses. NOTE: a typo in an advisory
>accidentally used the wrong CVE identifier for the Fetchmail issue.
>This is the correct identifier.
>
>** REJECT **
>DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-2335,
>CAN-2005-2356. Reason: due to a typo in an advisory, this candidate
>was accidentally referenced. Notes: All CVE users should consult
>CAN-2005-2335 and CAN-2005-2356 to determine the appropriate
>identifier for the issue.
http://www.cirt.net/ | http://www.osvdb.org/