FreeBSD : fetchmail -- two vulnerabilities in NTLM authentication (83f9e943-e664-11e1-a66d-080027ef73ec)
Medium Nessus Plugin ID 61539
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Matthias Andree reports:
With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV.
Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location, betraying confidential data. It is deemed hard, although not impossible, to steal other accounts' data.
Solution
Update the affected package.