Vulnerabilities > CVE-2012-3482 - Remote Denial of Service vulnerability in Fetchmail NTLM Authentication Debug Mode

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
PARTIAL
network
fetchmail
nessus

Summary

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

Vulnerable Configurations

Part Description Count
Application
Fetchmail
93

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-149.NASL
    descriptionMultiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case (aka a BEAST attack) (CVE-2011-3389). A denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of NTLM protocol exchange, or server-side error message and session abort. A rogue NTML server could use this flaw to cause fetchmail executable crash (CVE-2012-3482). This advisory provides the latest version of fetchmail (6.3.22) which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61992
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61992
    titleMandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-132.NASL
    descriptionFetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
    last seen2020-06-01
    modified2020-06-02
    plugin id69622
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69622
    titleAmazon Linux AMI : fetchmail (ALAS-2012-132)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0872-1.NASL
    descriptionThis update for fetchmail fixes the following issues : - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90185
    published2016-03-25
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90185
    titleSUSE SLED11 / SLES11 Security Update : fetchmail (SUSE-SU-2016:0872-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-14451.NASL
    descriptionPackage is updated to latest upstream version which fixes CVE-2012-3482. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-10-03
    plugin id62398
    published2012-10-03
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62398
    titleFedora 17 : fetchmail-6.3.22-1.fc17 (2012-14451)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_FETCHMAIL_20121016.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id80605
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80605
    titleOracle Solaris Third-Party Patch Update : fetchmail (multiple_vulnerabilities_in_fetchmail) (BEAST)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-037.NASL
    descriptionMultiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case (aka a BEAST attack) (CVE-2011-3389). A denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of NTLM protocol exchange, or server-side error message and session abort. A rogue NTML server could use this flaw to cause fetchmail executable crash (CVE-2012-3482). This advisory provides the latest version of fetchmail (6.3.22) which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66051
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66051
    titleMandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-14462.NASL
    descriptionPackage is updated to latest upstream version which fixes CVE-2012-3482. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-10-03
    plugin id62399
    published2012-10-03
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62399
    titleFedora 16 : fetchmail-6.3.22-1.fc16 (2012-14462)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_83F9E943E66411E1A66D080027EF73EC.NASL
    descriptionMatthias Andree reports : With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV. Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location, betraying confidential data. It is deemed hard, although not impossible, to steal other accounts
    last seen2020-06-01
    modified2020-06-02
    plugin id61539
    published2012-08-15
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61539
    titleFreeBSD : fetchmail -- two vulnerabilities in NTLM authentication (83f9e943-e664-11e1-a66d-080027ef73ec)