Candidate: CVE-2012-3482
PublicDate: 2012-12-21 05:46:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3482
 http://www.fetchmail.info/fetchmail-SA-2012-02.txt
Description:
 Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=847988
 https://bugs.launchpad.net/bugs/1036509
 https://bugs.gentoo.org/show_bug.cgi?id=431284
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_fetchmail:
 upstream: https://gitlab.com/fetchmail/fetchmail/-/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b
upstream_fetchmail: released (6.3.22)
hardy_fetchmail: ignored (reached end-of-life)
lucid_fetchmail: ignored (reached end-of-life)
natty_fetchmail: ignored (reached end-of-life)
oneiric_fetchmail: ignored (reached end-of-life)
precise_fetchmail: ignored (reached end-of-life)
precise/esm_fetchmail: DNE (precise was needed)
quantal_fetchmail: ignored (reached end-of-life)
raring_fetchmail: ignored (reached end-of-life)
saucy_fetchmail: ignored (reached end-of-life)
trusty_fetchmail: not-affected (6.3.26-1)
trusty/esm_fetchmail: DNE (trusty was not-affected)
utopic_fetchmail: ignored (reached end-of-life)
vivid_fetchmail: ignored (reached end-of-life)
vivid/stable-phone-overlay_fetchmail: DNE
vivid/ubuntu-core_fetchmail: DNE
wily_fetchmail: ignored (reached end-of-life)
xenial_fetchmail: not-affected (6.3.26-1)
esm-infra/xenial_fetchmail: not-affected (6.3.26-1)
yakkety_fetchmail: ignored (reached end-of-life)
zesty_fetchmail: ignored (reached end-of-life)
artful_fetchmail: ignored (reached end-of-life)
bionic_fetchmail: not-affected (6.3.26-1)
cosmic_fetchmail: ignored (reached end-of-life)
disco_fetchmail: ignored (reached end-of-life)
eoan_fetchmail: ignored (reached end-of-life)
focal_fetchmail: not-affected (6.3.26-1)
groovy_fetchmail: ignored (reached end-of-life)
hirsute_fetchmail: not-affected (6.3.26-1)
impish_fetchmail: not-affected (6.3.26-1)
jammy_fetchmail: not-affected (6.3.26-1)
devel_fetchmail: not-affected (6.3.26-1)