Low: fetchmail

2012-10-08T10:41:00
ID ALAS-2012-132
Type amazon
Reporter Amazon
Modified 2014-09-14T17:08:00

Description

Issue Overview:

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

Affected Packages:

fetchmail

Issue Correction:
Run yum update fetchmail to update your system.

New Packages:

i686:  
    fetchmail-6.3.17-1.9.amzn1.i686  
    fetchmail-debuginfo-6.3.17-1.9.amzn1.i686

src:  
    fetchmail-6.3.17-1.9.amzn1.src

x86_64:  
    fetchmail-debuginfo-6.3.17-1.9.amzn1.x86_64  
    fetchmail-6.3.17-1.9.amzn1.x86_64