Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.8
CVE Id: CVE-2012-3482
Last Modified: 04 Apr 2013 11:12:15
Published: 21 Dec 2012 12:46:16
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3482

Summary

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

Vulnerable Systems

Application

  • Fetchmail 5.0.8

  • Fetchmail 5.1.0

  • Fetchmail 5.1.4

  • Fetchmail 5.2.0

  • Fetchmail 5.2.1

  • Fetchmail 5.2.3

  • Fetchmail 5.2.4

  • Fetchmail 5.2.7

  • Fetchmail 5.2.8

  • Fetchmail 5.3.0

  • Fetchmail 5.3.1

  • Fetchmail 5.3.3

  • Fetchmail 5.3.8

  • Fetchmail 5.4.0

  • Fetchmail 5.4.3

  • Fetchmail 5.4.4

  • Fetchmail 5.4.5

  • Fetchmail 5.5.0

  • Fetchmail 5.5.2

  • Fetchmail 5.5.3

  • Fetchmail 5.5.5

  • Fetchmail 5.5.6

  • Fetchmail 5.6.0

  • Fetchmail 5.7.0

  • Fetchmail 5.7.2

  • Fetchmail 5.7.4

  • Fetchmail 5.8

  • Fetchmail 5.8.1

  • Fetchmail 5.8.11

  • Fetchmail 5.8.13

  • Fetchmail 5.8.14

  • Fetchmail 5.8.17

  • Fetchmail 5.8.2

  • Fetchmail 5.8.3

  • Fetchmail 5.8.4

  • Fetchmail 5.8.5

  • Fetchmail 5.8.6

  • Fetchmail 5.9.0

  • Fetchmail 5.9.10

  • Fetchmail 5.9.11

  • Fetchmail 5.9.13

  • Fetchmail 5.9.4

  • Fetchmail 5.9.5

  • Fetchmail 5.9.8

  • Fetchmail 6.0.0

  • Fetchmail 6.1.0

  • Fetchmail 6.1.3

  • Fetchmail 6.2.0

  • Fetchmail 6.2.1

  • Fetchmail 6.2.2

  • Fetchmail 6.2.3

  • Fetchmail 6.2.4

  • Fetchmail 6.2.5

  • Fetchmail 6.2.5.1

  • Fetchmail 6.2.5.2

  • Fetchmail 6.2.5.4

  • Fetchmail 6.2.6

  • Fetchmail 6.2.9

  • Fetchmail 6.3.0

  • Fetchmail 6.3.1

  • Fetchmail 6.3.10

  • Fetchmail 6.3.11

  • Fetchmail 6.3.12

  • Fetchmail 6.3.13

  • Fetchmail 6.3.14

  • Fetchmail 6.3.15

  • Fetchmail 6.3.16

  • Fetchmail 6.3.17

  • Fetchmail 6.3.18

  • Fetchmail 6.3.19

  • Fetchmail 6.3.2

  • Fetchmail 6.3.21

  • Fetchmail 6.3.3

  • Fetchmail 6.3.4

  • Fetchmail 6.3.5

  • Fetchmail 6.3.6

  • Fetchmail 6.3.7

  • Fetchmail 6.3.8

  • Fetchmail 6.3.9


References

CONFIRM - https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail

BID - 54987

CONFIRM - http://www.fetchmail.info/fetchmail-SA-2012-02.txt

MLIST - [oss-security] 20120813 Re: CVE ID request for fetchmail segfault in NTLM protocol exchange

MLIST - [oss-security] 20120813 CVE ID request for fetchmail segfault in NTLM protocol exchange

FEDORA - FEDORA-2012-14462

FEDORA - FEDORA-2012-14451


Last Updated: 27 May 2016 11:01:29