FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-3482

This CVE name corresponds to:

Entered Topic
2012-08-14 fetchmail -- two vulnerabilities in NTLM authentication

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-3482 at cve.mitre.org

Details

Type Candidate
Name CVE-2012-3482
Phase Assigned(20120614)

Description

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

References

Source Reference
MLIST [oss-security] 20120813 CVE ID request for fetchmail segfault in NTLM protocol exchange
MLIST [oss-security] 20120813 Re: CVE ID request for fetchmail segfault in NTLM protocol exchange
CONFIRM http://www.fetchmail.info/fetchmail-SA-2012-02.txt
CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
FEDORA FEDORA-2012-14462
FEDORA FEDORA-2012-14451
BID 54987

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.