CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
EPSS Percentile: 79.7%
Issue Overview:
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
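The class of check that prevents the second out-of-bounds read, shown as an added example (not fetchmail's code and not the upstream patch). It assumes the standard NTLM Type 2 layout (8-byte signature, 4-byte type, then the Target Name length/max-length/offset fields at bytes 12 to 19); the function name `ntlm_t2_target_name` and the sample message are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian readers; the caller has already checked the range. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Fixed part: signature(8) type(4) target-name fields(8) flags(4) challenge(8). */
#define NTLM_T2_MIN_LEN 32u

/* Locate the Target Name in a decoded Type 2 message. msg_len must be the
 * number of bytes the base64 decoder actually produced, not the size of the
 * buffer it wrote into. Returns 0 on success, -1 if the server-supplied
 * length/offset would reach outside those bytes. */
int ntlm_t2_target_name(const uint8_t *msg, size_t msg_len,
                        const uint8_t **name, size_t *name_len)
{
    if (msg == NULL || msg_len < NTLM_T2_MIN_LEN)
        return -1;                      /* truncated: fixed fields missing */
    if (memcmp(msg, "NTLMSSP\0", 8) != 0 || rd32(msg + 8) != 2)
        return -1;                      /* not a Type 2 message */

    size_t len = rd16(msg + 12);        /* attacker-controlled */
    size_t off = rd32(msg + 16);        /* attacker-controlled */
    if (len == 0) { *name = NULL; *name_len = 0; return 0; }
    /* Offset must follow the fixed part; compare len without adding to off. */
    if (off < NTLM_T2_MIN_LEN || off > msg_len || len > msg_len - off)
        return -1;

    *name = msg + off;
    *name_len = len;
    return 0;
}

int main(void) {
    /* Constructed sample: claims a 0xFFFF-byte Target Name in a 40-byte message. */
    uint8_t bad[40] = {'N','T','L','M','S','S','P',0, 2,0,0,0, 0xFF,0xFF,0xFF,0xFF, 32,0,0,0};
    const uint8_t *n; size_t nl;
    printf("crafted message: %s\n",
           ntlm_t2_target_name(bad, sizeof bad, &n, &nl) ? "rejected" : "accepted");
    return 0;
}
```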
Affected Packages:
fetchmail
Issue Correction:
Run yum update fetchmail to update your system.
New Packages:
i686:
fetchmail-6.3.17-1.9.amzn1.i686
fetchmail-debuginfo-6.3.17-1.9.amzn1.i686
src:
fetchmail-6.3.17-1.9.amzn1.src
x86_64:
fetchmail-debuginfo-6.3.17-1.9.amzn1.x86_64
fetchmail-6.3.17-1.9.amzn1.x86_64
Red Hat: CVE-2012-3482
Mitre: CVE-2012-3482
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | fetchmail | < 6.3.17-1.9.amzn1 | fetchmail-6.3.17-1.9.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | fetchmail-debuginfo | < 6.3.17-1.9.amzn1 | fetchmail-debuginfo-6.3.17-1.9.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | fetchmail-debuginfo | < 6.3.17-1.9.amzn1 | fetchmail-debuginfo-6.3.17-1.9.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | fetchmail | < 6.3.17-1.9.amzn1 | fetchmail-6.3.17-1.9.amzn1.x86_64.rpm |