FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- two vulnerabilities in NTLM authentication

Affected packages
5.0.8 <= fetchmail < 6.3.21_1


VuXML ID 83f9e943-e664-11e1-a66d-080027ef73ec
Discovery 2012-08-12
Entry 2012-08-14
Modified 2012-08-27

Matthias Andree reports:

With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV.

Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location, betraying confidential data. It is deemed hard, although not impossible, to steal other accounts' data.


CVE Name CVE-2012-3482