FreeBSD : fetchmail -- two vulnerabilities in NTLM authentication (83f9e943-e664-11e1-a66d-080027ef73ec)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthias Andree reports :

With NTLM support enabled, fetchmail might mistake a server-side error
message during NTLM protocol exchange for protocol data, leading to a
SIGSEGV.

Also, with a carefully crafted NTLM challenge, a malicious server
might cause fetchmail to read from a bad memory location, betraying
confidential data. It is deemed hard, although not impossible, to
steal other accounts' data.

See also :

http://www.nessus.org/u?e638b72f

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 61539 ()

Bugtraq ID:

CVE ID: CVE-2012-3482

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now