[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-3482Date: (C)2012-12-21   (M)2024-04-19


Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-54987
FEDORA-2012-14451
FEDORA-2012-14462
http://seclists.org/oss-sec/2012/q3/230
http://seclists.org/oss-sec/2012/q3/232
http://www.fetchmail.info/fetchmail-SA-2012-02.txt
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail

CPE    92
cpe:/a:fetchmail:fetchmail:6.1.0
cpe:/a:fetchmail:fetchmail:6.1.3
cpe:/a:fetchmail:fetchmail:6.2.9:rc10
cpe:/a:fetchmail:fetchmail:5.3.3
...
OVAL    6
oval:org.secpod.oval:def:104200
oval:org.secpod.oval:def:1601323
oval:org.secpod.oval:def:104199
oval:org.secpod.oval:def:89045168
...

© SecPod Technologies