CVE-2012-3482

Priority
Description
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug
mode, allows remote NTLM servers to (1) cause a denial of service (crash
and delayed delivery of inbound mail) via a crafted NTLM response that
triggers an out-of-bounds read in the base64 decoder, or (2) obtain
sensitive information from memory via an NTLM Type 2 message with a crafted
Target Name structure, which triggers an out-of-bounds read.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Trusty/esm: DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Ubuntu 19.04 (Disco Dingo): needed
Ubuntu 19.10 (Eoan): needed
Patches:
Upstream: http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b
More Information

Updated: 2019-04-26 14:14:37 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)