X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=fetchmail-SA-2012-02.txt;h=e0761f49d64452ed903c6bb2cd86845eb8b8297d;hb=a23a8cf8ee1da51c4392b9f52e6b72b0c01e3b5e;hp=d712ab37f0ba4e64398d9c4de8cac65aa727b4ca;hpb=f1c0ba89205211f7f723ca81c0130dde30dca336;p=~andy%2Ffetchmail diff --git a/fetchmail-SA-2012-02.txt b/fetchmail-SA-2012-02.txt index d712ab37..e0761f49 100644 --- a/fetchmail-SA-2012-02.txt +++ b/fetchmail-SA-2012-02.txt @@ -1,16 +1,21 @@ -fetchmail-SA-2012-01: DoS possible with NTLM authentication in debug mode +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 -Topics: fetchmail denial of service in NTLM protocol phase +fetchmail-SA-2012-02: DoS/data theft possible in NTLM authentication + +Topics: fetchmail denial of service/data theft in NTLM protocol phase Author: Matthias Andree -Version: draft +Version: 1.0 Announced: 2012-08-13 -Type: crash while reading from bad memory location -Impact: fetchmail segfaults and aborts, stalling inbound mail +Type: reading from bad memory locations +Impact: fetchmail segfaults and aborts, stalling inbound mail, + or: fetchmail conveys data from bad locations, possibly + betraying confidential data Danger: low Acknowledgment: J. Porter Clark -CVE Name: (TBD) +CVE Name: CVE-2012-3482 URL: http://www.fetchmail.info/fetchmail-SA-2012-02.txt Project URL: http://www.fetchmail.info/ @@ -23,13 +28,13 @@ Not affected: - fetchmail releases compiled with NTLM support disabled Corrected in: 2012-08-13 Git, among others, see commit 3fbc7cd331602c76f882d1b507cd05c1d824ba8b - 2012-08-xx fetchmail 6.3.22 release tarball + 2012-08-29 fetchmail 6.3.22 release tarball 0. Release history ================== -2012-08-13 0.1 draft +2012-08-29 1.0 release 1. Background 
@@ -49,11 +54,16 @@ regular protocol ports. Fetchmail version 5.0.8 added NTLM support. This code sent the NTLM authentication request, but never checked if the received response was -NTLM protocol exchange, or a server-side error message. Instead, -fetchmail tried to decode the error message as though it were -base64-encoded protocol exchange, and could then segfault depending of -buffer contents, while reading data from bad memory locations. +an NTLM challenge, or a server-side error message. Instead, fetchmail +tried to decode the error message as though it were base64-encoded +protocol exchange, and could then segfault, subject to verbosity and +other circumstances, while reading data from bad memory locations. +Also, when the "Target Name" structure in the NTLM Type 2 message (the +challenge) was carefully crafted, fetchmail might read from the wrong +memory location, and send confidential data to the server that it should +not have. It is deemed hard, although not impossible, to steal +other accounts' data. 3. Solution =========== @@ -98,3 +108,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END of fetchmail-SA-2012-02 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEARECAAYFAlA+n3kACgkQvmGDOQUufZWzKwCfcOJF35eJ/bOio0VRfFFOiBsq +dNwAnicBBiqQOq9i7atwBr4gdZ5x+SUM +=+hqO +-----END PGP SIGNATURE-----
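Review bot: in the first hunk (@@ -1,16 +1,21 @@) the Impact line is widened to "fetchmail conveys data from bad locations, possibly betraying confidential data" while the Danger line stays at "low" with no rationale in the summary block. Either carry the qualifier from section 2 ("It is deemed hard, although not impossible, to steal other accounts' data") up next to the Danger line, or re-rate, so that readers who only read the header see a rating that matches the stated impact.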
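Review bot: the release history in the second hunk (@@ -23,13 +28,13 @@) replaces the "2012-08-13 0.1 draft" entry with "2012-08-29 1.0 release" instead of appending to it, so the history no longer records the draft that the unchanged "Announced: 2012-08-13" header line refers to. Keep both entries, i.e.
2012-08-13 0.1 draft
2012-08-29 1.0 release
so the dates in the header and in section 0 agree.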
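Review bot: the paragraph added in the third hunk (@@ -49,11 +54,16 @@) does not say who must be positioned to exploit the Type 2 "Target Name" issue: the crafted challenge arrives from the server and the leaked data is sent back "to the server", so the attacker has to control or impersonate the server, or sit between fetchmail and it. That precondition is the main reason the rating can stay low and should be stated explicitly. "Carefully crafted" is also left undefined (no field or bound is named), so a reader cannot relate the description to commit 3fbc7cd331602c76f882d1b507cd05c1d824ba8b cited under "Corrected in"; one sentence on what about the structure causes the wrong read would fix that. Finally, "other accounts' data" is ambiguous between other poll entries handled in the same fetchmail run and other users on the host; please say which is meant.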
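Review bot: the signature appended in the last hunk (@@ -98,3 +108,10 @@) is a clearsign over the whole advisory, so it only verifies the exact 1.0 text and any later correction to the header or to section 2 requires re-signing. Two things are missing for a verifier: the advisory nowhere names the signing key (no key ID or fingerprint appears anywhere in the diff), and the first hunk's "Hash: SHA1" line shows the digest used; GnuPG 1.4.11 can clearsign with a SHA-2 digest (--digest-algo SHA256), which is the better choice for a document meant to be archived and checked years later. Consider adding the key fingerprint to the header block and using SHA256 when re-signing.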