Fetchmail NTLM Authentication Processing Flaw Lets Remote Servers Deny Service
|
|
SecurityTracker Alert ID: 1027377 |
|
SecurityTracker URL: http://securitytracker.com/id/1027377
|
|
CVE Reference:
CVE-2012-3482
(Links to External Site)
|
Date: Aug 14 2012
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5.0.8 through 6.3.21
|
Description:
A vulnerability was reported in Fetchmail. A remote user can cause denial of service conditions in certain cases.
On systems compiled with NTLM support enabled, a remote server can returned specially crafted data in response to an NTLM authentication request to cause the target connected application to hang.
Systems running in debug mode are affected.
J. Porter Clark reported this vulnerability.
|
Impact:
A remote server can cause the connected application to hang, blocking incoming mail.
|
Solution:
The vendor has issued a source code fix. The fix will be included in version 6.3.22.
The vendor's advisory will be available at:
http://www.fetchmail.info/fetchmail-SA-2012-02.txt
|
Vendor URL: www.fetchmail.info/fetchmail-SA-2012-02.txt (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
