-fetchmail-SA-2012-02: DoS possible with NTLM authentication in debug mode
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
-Topics: fetchmail denial of service in NTLM protocol phase
+fetchmail-SA-2012-02: DoS/data theft possible in NTLM authentication
+
+Topics: fetchmail denial of service/data theft in NTLM protocol phase
Author: Matthias Andree
-Version: draft
+Version: 1.0
Announced: 2012-08-13
-Type: crash while reading from bad memory location
-Impact: fetchmail segfaults and aborts, stalling inbound mail
+Type: reading from bad memory locations
+Impact: fetchmail segfaults and aborts, stalling inbound mail,
+ or: fetchmail conveys data from bad locations, possibly
+ betraying confidential data
Danger: low
Acknowledgment: J. Porter Clark
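Review bot: "Danger: low" is kept unchanged while the Impact lines just above it gain "fetchmail conveys data from bad locations, possibly betraying confidential data"; either raise the rating or state next to it why it stays low, e.g. that the crafted Type 2 challenge comes from the server, so the attacker must control or impersonate the server, and that the Background already deems stealing other accounts' data "hard, although not impossible". Related: the new title drops "in debug mode" even though the crash is still described as "subject to verbosity and other circumstances"; if the DoS path still depends on debug or verbose output, keep that qualifier in the Type or Impact line so an operator can judge exposure from the header alone.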
-CVE Name: (TBD)
+CVE Name: CVE-2012-3482
URL: http://www.fetchmail.info/fetchmail-SA-2012-02.txt
Project URL: http://www.fetchmail.info/
Corrected in: 2012-08-13 Git, among others, see commit
3fbc7cd331602c76f882d1b507cd05c1d824ba8b
- 2012-08-xx fetchmail 6.3.22 release tarball
+ 2012-08-29 fetchmail 6.3.22 release tarball
0. Release history
==================
-2012-08-13 0.1 draft
+2012-08-29 1.0 release
1. Background
Fetchmail version 5.0.8 added NTLM support. This code sent the NTLM
authentication request, but never checked if the received response was
-NTLM protocol exchange, or a server-side error message. Instead,
-fetchmail tried to decode the error message as though it were
-base64-encoded protocol exchange, and could then segfault depending of
-buffer contents, while reading data from bad memory locations.
+an NTLM challenge, or a server-side error message. Instead, fetchmail
+tried to decode the error message as though it were base64-encoded
+protocol exchange, and could then segfault, subject to verbosity and
+other circumstances, while reading data from bad memory locations.
+Also, when the "Target Name" structure in the NTLM Type 2 message (the
+challenge) was carefully crafted, fetchmail might read from the wrong
+memory location, and send confidential data to the server that it should
+not have. It is deemed hard, although not impossible, to steal
+other accounts' data.
3. Solution
===========
Use the information herein at your own risk.
END of fetchmail-SA-2012-02
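Review bot: "subject to verbosity and other circumstances" in the new Background wording is vaguer than the draft title's "in debug mode"; name the condition (debug output enabled, and whatever the other circumstances are) so a reader can tell whether a non-debug configuration is exposed to the crash at all. Two smaller points: the release history replaces the "2012-08-13 0.1 draft" entry with "2012-08-29 1.0 release" instead of adding the new entry beneath it, which loses the draft date that "Announced: 2012-08-13" still refers to; and the "1. Background" heading lacks the "===" underline used for "0. Release history" and "3. Solution".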
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEARECAAYFAlA+n3kACgkQvmGDOQUufZWzKwCfcOJF35eJ/bOio0VRfFFOiBsq
+dNwAnicBBiqQOq9i7atwBr4gdZ5x+SUM
+=+hqO
+-----END PGP SIGNATURE-----