fetchmail-SA-2012-02: DoS possible with NTLM authentication in debug mode
Topics: fetchmail denial of service in NTLM protocol phase
Author: Matthias Andree
Type: crash while reading from bad memory location
Impact: fetchmail segfaults and aborts, stalling inbound mail
Acknowledgment: J. Porter Clark
CVE Name: (TBD)
Project URL: http://www.fetchmail.info/
Affects: - fetchmail releases 5.0.8 up to and including 6.3.21
           when compiled with NTLM support enabled
Not affected: - fetchmail releases compiled with NTLM support disabled
              - fetchmail releases 6.3.22 and newer
Corrected in: 2012-08-13 Git, among others, see commit
2012-08-xx fetchmail 6.3.22 release tarball
6.3.22 added to CVS.
(In reply to comment #1)
> 6.3.22 added to CVS.
Thanks, Tim. May we proceed with stabilization?
(In reply to comment #2)
> Thanks, Tim. May we proceed with stabilization?
Thanks. Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
x86: compile, test, run, repoman OK
GLSA vote: no.
GLSA Vote: no. Closing noglsa.