fetchmail: denial of service

Package(s): fetchmail
CVE #(s): CVE-2012-3482
Created: September 4, 2012
Updated: April 5, 2013
Description: From the Mandriva advisory:

A denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of the NTLM protocol exchange, or a server-side error message and session abort. A rogue NTLM server could use this flaw to cause the fetchmail executable to crash.

Alerts:
Mandriva MDVSA-2012:149 2012-09-01
Mageia MGASA-2012-0259 2012-09-07
Fedora FEDORA-2012-14451 2012-10-02
Fedora FEDORA-2012-14462 2012-10-02
Mandriva MDVSA-2013:037 2013-04-05

Copyright © 2013, Eklektix, Inc.