CVE-2012-3482

Severity

57%

Complexity

86%

Confidentiality

81%

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:P).

Overview

Type

Fetchmail

First reported 12 years ago

2012-12-21 05:46:00

Last updated 11 years ago

2013-04-05 03:12:00

Affected Software

Fetchmail 5.0.8

5.0.8

Fetchmail 5.1.0

5.1.0

Fetchmail 5.1.4

5.1.4

Fetchmail 5.2.0

5.2.0

Fetchmail 5.2.1

5.2.1

Fetchmail 5.2.3

5.2.3

Fetchmail 5.2.4

5.2.4

Fetchmail 5.2.7

5.2.7

Fetchmail 5.2.8

5.2.8

Fetchmail 5.3.0

5.3.0

Fetchmail 5.3.1

5.3.1

Fetchmail 5.3.3

5.3.3

Fetchmail 5.3.8

5.3.8

Fetchmail 5.4.0

5.4.0

Fetchmail 5.4.3

5.4.3

Fetchmail 5.4.4

5.4.4

Fetchmail 5.4.5

5.4.5

Fetchmail 5.5.0

5.5.0

Fetchmail 5.5.2

5.5.2

Fetchmail 5.5.3

5.5.3

Fetchmail 5.5.5

5.5.5

Fetchmail 5.5.6

5.5.6

Fetchmail 5.6.0

5.6.0

Fetchmail 5.7.0

5.7.0

Fetchmail 5.7.2

5.7.2

Fetchmail 5.7.4

5.7.4

Fetchmail 5.8

5.8

Fetchmail 5.8.1

5.8.1

Fetchmail 5.8.2

5.8.2

Fetchmail 5.8.3

5.8.3

Fetchmail 5.8.4

5.8.4

Fetchmail 5.8.5

5.8.5

Fetchmail 5.8.6

5.8.6

Fetchmail 5.8.11

5.8.11

Fetchmail 5.8.13

5.8.13

Fetchmail 5.8.14

5.8.14

Fetchmail 5.8.17

5.8.17

Fetchmail 5.9.0

5.9.0

Fetchmail 5.9.4

5.9.4

Fetchmail 5.9.5

5.9.5

Fetchmail 5.9.8

5.9.8

Fetchmail 5.9.10

5.9.10

Fetchmail 5.9.11

5.9.11

Fetchmail 5.9.13

5.9.13

Fetchmail 6.0.0

6.0.0

Fetchmail 6.1.0

6.1.0

Fetchmail 6.1.3

6.1.3

Fetchmail 6.2.0

6.2.0

Fetchmail 6.2.1

6.2.1

Fetchmail 6.2.2

6.2.2

Fetchmail 6.2.3

6.2.3

Fetchmail 6.2.4

6.2.4

Fetchmail 6.2.5

6.2.5

Fetchmail 6.2.5.1

6.2.5.1

Fetchmail 6.2.5.2

6.2.5.2

Fetchmail 6.2.5.4

6.2.5.4

Fetchmail 6.2.6 pre4

6.2.6

Fetchmail 6.2.6 pre8

6.2.6

Fetchmail 6.2.6 pre9

6.2.6

Fetchmail 6.2.9 release candidate 10

6.2.9

Fetchmail 6.2.9 release candidate 3

6.2.9

Fetchmail 6.2.9 release candidate 4

6.2.9

Fetchmail 6.2.9 release candidate 5

6.2.9

Fetchmail 6.2.9 release candidate 7

6.2.9

Fetchmail 6.2.9 release candidate 8

6.2.9

Fetchmail 6.2.9 release candidate 9

6.2.9

Fetchmail 6.3.0

6.3.0

Fetchmail 6.3.1

6.3.1

Fetchmail 6.3.2

6.3.2

Fetchmail 6.3.3

6.3.3

Fetchmail 6.3.4

6.3.4

Fetchmail 6.3.5

6.3.5

Fetchmail 6.3.6

6.3.6

Fetchmail 6.3.6 release candidate 1

6.3.6

Fetchmail 6.3.6 release candidate 2

6.3.6

Fetchmail 6.3.6 release candidate 3

6.3.6

Fetchmail 6.3.6 release candidate 4

6.3.6

Fetchmail 6.3.6 release candidate 5

6.3.6

Fetchmail 6.3.7

6.3.7

Fetchmail 6.3.8

6.3.8

Fetchmail 6.3.9

6.3.9

Fetchmail 6.3.9 release candidate 2

6.3.9

Fetchmail 6.3.10

6.3.10

Fetchmail 6.3.11

6.3.11

Fetchmail 6.3.12

6.3.12

Fetchmail 6.3.13

6.3.13

Fetchmail 6.3.14

6.3.14

Fetchmail 6.3.15

6.3.15

Fetchmail 6.3.16

6.3.16

Fetchmail 6.3.17

6.3.17

Fetchmail 6.3.18

6.3.18

Fetchmail 6.3.19

6.3.19

References

FEDORA-2012-14462

FEDORA-2012-14451

[oss-security] 20120813 CVE ID request for fetchmail segfault in NTLM protocol exchange

[oss-security] 20120813 Re: CVE ID request for fetchmail segfault in NTLM protocol exchange

http://www.fetchmail.info/fetchmail-SA-2012-02.txt

Patch, Vendor Advisory

54987

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.