Bug 775988 (CVE-2012-3482) - VUL-1: CVE-2012-3482: fetchmail: DoS (Application crash) in the base64 decoder during server NTLM protocol exchange
Status: RESOLVED FIXED
Alias: CVE-2012-3482
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Deadline: 2016-04-07
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: maint:released:sle10-sp3:62540
Reported: 2012-08-15 08:24 UTC by Matthias Weckbecker
Modified: 2018-11-04 23:43 UTC

Description Matthias Weckbecker 2012-08-15 08:24:25 UTC
There has been a Denial of Service issue reported in fetchmail recently [1].
Upstream patch available from fetchmail's git repository [2].

[1] https://bugs.gentoo.org/show_bug.cgi?id=431284
[2] http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b
Comment 1 Bernhard Wiedemann 2012-09-18 19:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (775988) was mentioned in
https://build.opensuse.org/request/show/134928 Factory / fetchmail
Comment 2 Vítězslav Čížek 2015-08-26 08:22:34 UTC
Security team,
There wasn't any other fetchmail bug for three years.
Do you want me to submit the fetchmail packages (SLE-10 and SLE-11) or do we keep on waiting?
Comment 3 Alexander Bergmann 2015-08-26 11:42:59 UTC
This issue has a low security impact. Only carefully crafted NTLM server packets can exploit this problem.

We will leave this issue on the planned update list and fix it together with future bugfixes.
Comment 5 Simon Lees 2016-03-07 12:41:15 UTC
Issue affects SLE-10 and SLE11, SRs created
Comment 6 Swamp Workflow Management 2016-03-10 09:53:35 UTC
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2016-04-07.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62539
Comment 7 Swamp Workflow Management 2016-03-24 11:09:54 UTC
SUSE-SU-2016:0872-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 775988
CVE References: CVE-2012-3482
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    fetchmail-6.3.8.90-13.20.21.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    fetchmail-6.3.8.90-13.20.21.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    fetchmail-6.3.8.90-13.20.21.1
Comment 8 Marcus Meissner 2016-04-05 08:58:48 UTC
released