CVE-2012-3482 - Remote Denial of Service vulnerability in Fetchmail NTLM Authentication Debug Mode
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
Vulnerable Configurations
Nessus
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2012-149.NASL
- description: Multiple vulnerabilities have been found and corrected in fetchmail: Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case (aka a BEAST attack) (CVE-2011-3389). A denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of NTLM protocol exchange, or server-side error message and session abort. A rogue NTLM server could use this flaw to cause fetchmail executable crash (CVE-2012-3482). This advisory provides the latest version of fetchmail (6.3.22) which is not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 61992
- published: 2012-09-06
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/61992
- title: Mandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)

- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2012-132.NASL
- description: Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 69622
- published: 2013-09-04
- reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/69622
- title: Amazon Linux AMI : fetchmail (ALAS-2012-132)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2016-0872-1.NASL
- description: This update for fetchmail fixes the following issues:
  - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988).

  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 90185
- published: 2016-03-25
- reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/90185
- title: SUSE SLED11 / SLES11 Security Update : fetchmail (SUSE-SU-2016:0872-1)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2012-14451.NASL
- description: Package is updated to latest upstream version which fixes CVE-2012-3482. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2012-10-03
- plugin id: 62398
- published: 2012-10-03
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/62398
- title: Fedora 17 : fetchmail-6.3.22-1.fc17 (2012-14451)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS11_FETCHMAIL_20121016.NASL
- description: The remote Solaris system is missing necessary patches to address security updates:
  - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 80605
- published: 2015-01-19
- reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/80605
- title: Oracle Solaris Third-Party Patch Update : fetchmail (multiple_vulnerabilities_in_fetchmail) (BEAST)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2013-037.NASL
- description: Multiple vulnerabilities have been found and corrected in fetchmail: Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case (aka a BEAST attack) (CVE-2011-3389). A denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of NTLM protocol exchange, or server-side error message and session abort. A rogue NTLM server could use this flaw to cause fetchmail executable crash (CVE-2012-3482). This advisory provides the latest version of fetchmail (6.3.22) which is not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 66051
- published: 2013-04-20
- reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/66051
- title: Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2012-14462.NASL
- description: Package is updated to latest upstream version which fixes CVE-2012-3482. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2012-10-03
- plugin id: 62399
- published: 2012-10-03
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/62399
- title: Fedora 16 : fetchmail-6.3.22-1.fc16 (2012-14462)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_83F9E943E66411E1A66D080027EF73EC.NASL
- description: Matthias Andree reports: With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV. Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location, betraying confidential data. It is deemed hard, although not impossible, to steal other accounts
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 61539
- published: 2012-08-15
- reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/61539
- title: FreeBSD : fetchmail -- two vulnerabilities in NTLM authentication (83f9e943-e664-11e1-a66d-080027ef73ec)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088836.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088871.html
- http://seclists.org/oss-sec/2012/q3/230
- http://seclists.org/oss-sec/2012/q3/232
- http://www.fetchmail.info/fetchmail-SA-2012-02.txt
- http://www.securityfocus.com/bid/54987
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail