author | Matthias Andree <matthias.andree@gmx.de> | 2012-08-14 20:47:22 +0200 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2012-08-14 20:56:47 +0200 |
commit | c189f6a54f36f5b6f7734303db3cfc52311aab5f (patch) | |
tree | d477669cc743ee2186ee368005236fd272ac03a5 /NEWS | |
parent | 4bb8724c875163a426d7da7044b08582600367d1 (diff) | |
Validate NTLM challenge fields.
This is to avoid reading from bad locations, and possibly conveying
confidential data. Credit to Nico Golde.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -59,15 +59,19 @@ removed from a 6.4.0 or newer release.) fetchmail-6.3.22 (not yet released): # SECURITY FIXES -* CVE-2012-(not yet assigned): +* for CVE-2012-3482: NTLM: fetchmail mistook an error message that the server sent in response to an NTLM request for protocol exchange, tried to decode it, and crashed while reading from a bad memory location. - Fix: Detect base64 decoding errors and abort NTLM authentication. + Also, with a carefully crafted NTLM challenge packet sent from the server, it + would be possible that fetchmail conveyed confidential data not meant for the + server through the NTLM response packet. + Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort + NTLM authentication in case of error. See fetchmail-SA-2012-02.txt for further details. Reported by J. Porter Clark. -* CVE-2011-3389: +* for CVE-2011-3389: SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure against a certain kind of attack against cipher block chaining initialization vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS). |
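Review bot: the credit line that closes the CVE-2012-3482 entry still reads only "Reported by J. Porter Clark.", while the commit message credits Nico Golde for the challenge validation issue. Consider adding that credit to the entry so NEWS and the commit message agree on who reported what. The added sentence about a crafted NTLM challenge also does not say what is being validated (the commit subject says "challenge fields"); a few words there would let readers judge their exposure before opening fetchmail-SA-2012-02.txt. The "* for CVE-2011-3389:" wording change at the end of the hunk is unrelated to the NTLM fix and would be easier to track as a separate commit.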