Vulnerability Name:

CVE-2002-0146 (CCN-9133)

Assigned:2002-05-20
Published:2002-05-20
Updated:2011-02-15
Summary:fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: CALDERA
Type: UNKNOWN
CSSA-2002-027.0

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2002-027.0
Linux: fetchmail imap message count vulnerability

Source: CCN
Type: Fetchmail Web Page
The fetchmail Home Page

Source: MITRE
Type: CNA
CVE-2002-0146

Source: CCN
Type: Hewlett-Packard Company Security Advisory HPSBTL0205-042
Security vulnerability in fetchmail

Source: HP
Type: UNKNOWN
HPSBTL0205-042

Source: CCN
Type: RHSA-2002-047
Updated fetchmail packages available

Source: CCN
Type: Fetchmail Home Page
fetchmail

Source: XF
Type: UNKNOWN
fetchmail-imap-msgnum-bo(9133)

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:036

Source: CCN
Type: OSVDB ID: 4595
Fetchmail IMAP Message Count Overflow

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:047

Source: BID
Type: UNKNOWN
4788

Source: CCN
Type: BID-4788
Eric S. Raymond Fetchmail Message Count IMAP Buffer Overflow Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:fetchmail:fetchmail:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.8:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.6.9:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:4.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.6:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.11:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.13:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.14:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.8.17:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:5.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:fetchmail:fetchmail:*:*:*:*:*:*:*:* (Version <= 5.9.8)

Configuration CCN 1:
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:secure_os:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

  • * Denotes that component is vulnerable
    fetchmail fetchmail 4.5.1
    fetchmail fetchmail 4.5.2
    fetchmail fetchmail 4.5.3
    fetchmail fetchmail 4.5.4
    fetchmail fetchmail 4.5.5
    fetchmail fetchmail 4.5.6
    fetchmail fetchmail 4.5.7
    fetchmail fetchmail 4.5.8
    fetchmail fetchmail 4.6.0
    fetchmail fetchmail 4.6.1
    fetchmail fetchmail 4.6.2
    fetchmail fetchmail 4.6.3
    fetchmail fetchmail 4.6.4
    fetchmail fetchmail 4.6.5
    fetchmail fetchmail 4.6.6
    fetchmail fetchmail 4.6.7
    fetchmail fetchmail 4.6.8
    fetchmail fetchmail 4.6.9
    fetchmail fetchmail 4.7.0
    fetchmail fetchmail 4.7.1
    fetchmail fetchmail 4.7.2
    fetchmail fetchmail 4.7.3
    fetchmail fetchmail 4.7.4
    fetchmail fetchmail 4.7.5
    fetchmail fetchmail 4.7.6
    fetchmail fetchmail 4.7.7
    fetchmail fetchmail 5.0.0
    fetchmail fetchmail 5.0.1
    fetchmail fetchmail 5.0.2
    fetchmail fetchmail 5.0.3
    fetchmail fetchmail 5.0.4
    fetchmail fetchmail 5.0.5
    fetchmail fetchmail 5.0.6
    fetchmail fetchmail 5.0.7
    fetchmail fetchmail 5.0.8
    fetchmail fetchmail 5.1.0
    fetchmail fetchmail 5.1.4
    fetchmail fetchmail 5.2.0
    fetchmail fetchmail 5.2.1
    fetchmail fetchmail 5.2.3
    fetchmail fetchmail 5.2.4
    fetchmail fetchmail 5.2.7
    fetchmail fetchmail 5.2.8
    fetchmail fetchmail 5.3.0
    fetchmail fetchmail 5.3.1
    fetchmail fetchmail 5.3.3
    fetchmail fetchmail 5.3.8
    fetchmail fetchmail 5.4.0
    fetchmail fetchmail 5.4.3
    fetchmail fetchmail 5.4.4
    fetchmail fetchmail 5.4.5
    fetchmail fetchmail 5.5.0
    fetchmail fetchmail 5.5.2
    fetchmail fetchmail 5.5.3
    fetchmail fetchmail 5.5.5
    fetchmail fetchmail 5.5.6
    fetchmail fetchmail 5.6.0
    fetchmail fetchmail 5.7.0
    fetchmail fetchmail 5.7.2
    fetchmail fetchmail 5.7.4
    fetchmail fetchmail 5.8
    fetchmail fetchmail 5.8.1
    fetchmail fetchmail 5.8.2
    fetchmail fetchmail 5.8.3
    fetchmail fetchmail 5.8.4
    fetchmail fetchmail 5.8.5
    fetchmail fetchmail 5.8.6
    fetchmail fetchmail 5.8.11
    fetchmail fetchmail 5.8.13
    fetchmail fetchmail 5.8.14
    fetchmail fetchmail 5.8.17
    fetchmail fetchmail 5.9.0
    fetchmail fetchmail 5.9.4
    fetchmail fetchmail 5.9.5
    fetchmail fetchmail *
    redhat linux 6.2
    mandrakesoft mandrake linux 7.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    mandrakesoft mandrake linux corporate server 1.0.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake single network firewall 7.2
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    hp secure os 1.0
    mandrakesoft mandrake linux 8.2
    redhat linux 7.3
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2