FreeBSD : fetchmail -- STARTTLS denial of service (f7d838f2-9039-11e0-a051-080027ef73ec)

medium Nessus Plugin ID 54983

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Matthias Andree reports :

Fetchmail version 5.9.9 introduced STLS support for POP3, version 6.0.0 added STARTTLS for IMAP. However, the actual S(TART)TLS-initiated in-band SSL/TLS negotiation was not guarded by a timeout.

Depending on the operating system defaults as to TCP stream keepalive mode, fetchmail hangs in excess of one week after sending STARTTLS were observed if the connection failed without notifying the operating system, for instance, through network outages or hard server crashes.

A malicious server that does not respond, at the network level, after acknowledging fetchmail's STARTTLS or STLS request, can hold fetchmail in this protocol state, and thus render fetchmail unable to complete the poll, or proceed to the next server, effecting a denial of service.

SSL-wrapped mode on dedicated ports was unaffected by this problem, so can be used as a workaround.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?9961308c

http://www.fetchmail.info/fetchmail-SA-2011-01.txt

http://www.nessus.org/u?cd3a3c90

Plugin Details

Severity: Medium

ID: 54983

File Name: freebsd_pkg_f7d838f2903911e0a051080027ef73ec.nasl

Version: 1.7

Type: local

Published: 6/7/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:fetchmail, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/6/2011

Vulnerability Publication Date: 4/28/2011

Reference Information

CVE: CVE-2011-1947