Vigil@nce - fetchmail: denial of service via NTLM
August 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to use fetchmail to connect to a
server using an invalid NTLM authentication, in order to stop
fetchmail.
Severity: 1/4
Creation date: 14/08/2012
IMPACTED PRODUCTS
- Unix - platform
DESCRIPTION OF THE VULNERABILITY
The fetchmail program downloads emails from a POP or an IMAP
server.
This server can use an NTLM authentication. In this case, the
ntlm_helper() function of the ntlmsubr.c file decodes the
challenge encoded in base64. However, if the server returned
malformed data, fetchmail does not detect the base64 decoding
error, and then reads at an unallocated memory address.
An attacker can therefore invite the victim to use fetchmail to
connect to a server using an invalid NTLM authentication, in order
to stop fetchmail.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/fetchmail-denial-of-service-via-NTLM-11844