FreeBSD : fetchmail -- two vulnerabilities in NTLM authentication (83f9e943-e664-11e1-a66d-080027ef73ec)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthias Andree reports :

With NTLM support enabled, fetchmail might mistake a server-side error
message during NTLM protocol exchange for protocol data, leading to a

Also, with a carefully crafted NTLM challenge, a malicious server
might cause fetchmail to read from a bad memory location, betraying
confidential data. It is deemed hard, although not impossible, to
steal other accounts' data.

See also :

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.8

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 61539 ()

Bugtraq ID:

CVE ID: CVE-2012-3482

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now