diff options
| author | Matthias Andree <mandree@FreeBSD.org> | 2012-08-27 17:44:23 +0000 |
|---|---|---|
| committer | Matthias Andree <mandree@FreeBSD.org> | 2012-08-27 17:44:23 +0000 |
| commit | 6b9d75c6d68ebd686f593b1baee981e95e14c15d (patch) | |
| tree | af486af50b7e19a9a6a94a14ad8edecd73a4c293 | |
| parent | 0271a4a8b2eb6aab50e394b7177eabf198c96e38 (diff) | |
Notes
| -rw-r--r-- | mail/fetchmail/Makefile | 1 | ||||
| -rw-r--r-- | mail/fetchmail/files/patch-CVE-2012-3482 | 53 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 3 |
3 files changed, 56 insertions, 1 deletions
diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile index c829d74cd083..371fbc9b6b47 100644 --- a/mail/fetchmail/Makefile +++ b/mail/fetchmail/Makefile @@ -12,6 +12,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.21 +PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= BERLIOS/${PORTNAME}/ \ SF/${PORTNAME}/branch_6.3/ \ diff --git a/mail/fetchmail/files/patch-CVE-2012-3482 b/mail/fetchmail/files/patch-CVE-2012-3482 new file mode 100644 index 000000000000..64e4588effe1 --- /dev/null +++ b/mail/fetchmail/files/patch-CVE-2012-3482 @@ -0,0 +1,53 @@ +diff --git a/ntlm.h b/ntlm.h +index 1469633..ad83520 100644 +--- a/ntlm.h ++++ b/ntlm.h +@@ -32,8 +32,8 @@ uint32 msgType; + tSmbStrHeader uDomain; + uint32 flags; + uint8 challengeData[8]; +-uint8 reserved[8]; +-tSmbStrHeader emptyString; ++uint32 context[2]; ++tSmbStrHeader targetInfo; + uint8 buffer[1024]; + uint32 bufIndex; + }tSmbNtlmAuthChallenge; +diff --git a/ntlmsubr.c b/ntlmsubr.c +index f9d2733..63cbed8 100644 +--- a/ntlmsubr.c ++++ b/ntlmsubr.c +@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) + if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + goto cancelfail; + +- (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); ++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0 ++ || result < ((void *)&challenge.context - (void *)&challenge)) ++ { ++ report (stderr, GT_("could not decode BASE64 challenge\n")); ++ /* We do not goto cancelfail; the server has already sent the ++ * tagged reply, so the protocol exchange has ended, no need ++ * for us to send the asterisk. */ ++ return PS_AUTHFAIL; ++ } ++ ++ /* validate challenge: ++ * - ident ++ * - message type ++ * - that offset points into buffer ++ * - that offset + length does not wrap ++ * - that offset + length is not bigger than buffer */ ++ if (0 != memcmp("NTLMSSP", challenge.ident, 8) ++ || challenge.msgType != 2 ++ || challenge.uDomain.offset > result ++ || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset ++ || challenge.uDomain.offset + challenge.uDomain.len > result) ++ { ++ report (stderr, GT_("NTLM challenge contains invalid data.\n")); ++ result = PS_AUTHFAIL; ++ goto cancelfail; ++ } + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthChallenge(stdout, &challenge); diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a4095e0a2e56..07759c986cd3 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -611,7 +611,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>fetchmail</name> - <range><ge>5.0.8</ge><lt>6.3.22</lt></range> + <range><ge>5.0.8</ge><lt>6.3.21_1</lt></range> </package> </affects> <description> @@ -634,6 +634,7 @@ Note: Please add new entries to the beginning of this file. <dates> <discovery>2012-08-12</discovery> <entry>2012-08-14</entry> + <modified>2012-08-27</modified> </dates> </vuln> |