FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318524
Date:      2013-05-19
Time:      14:06:36Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
18ce9a90-f269-11e1-be53-080027ef73ecfetchmail -- chosen plaintext attack against SSL CBC initialization vectors

Matthias Andree reports:

Fetchmail version 6.3.9 enabled "all SSL workarounds" (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case.

Stream ciphers (such as RC4) are unaffected.

Credits to Apple Product Security for reporting this.


Discovery 2012-01-19
Entry 2012-08-30
fetchmail
ge 6.3.9 lt 6.3.22

CVE-2011-3389
83f9e943-e664-11e1-a66d-080027ef73ecfetchmail -- two vulnerabilities in NTLM authentication

Matthias Andree reports:

With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV.

Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location, betraying confidential data. It is deemed hard, although not impossible, to steal other accounts' data.


Discovery 2012-08-12
Entry 2012-08-14
Modified 2012-08-27
fetchmail
ge 5.0.8 lt 6.3.22

CVE-2012-3482
83f9e943-e664-11e1-a66d-080027ef73ecfetchmail -- two vulnerabilities in NTLM authentication

Matthias Andree reports:

With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV.

Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location, betraying confidential data. It is deemed hard, although not impossible, to steal other accounts' data.


Discovery 2012-08-12
Entry 2012-08-14
Modified 2012-08-27
fetchmail
ge 5.0.8 lt 6.3.22

CVE-2012-3482
83f9e943-e664-11e1-a66d-080027ef73ecfetchmail -- two vulnerabilities in NTLM authentication

Matthias Andree reports:

With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV.

Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location, betraying confidential data. It is deemed hard, although not impossible, to steal other accounts' data.


Discovery 2012-08-12
Entry 2012-08-14
Modified 2012-08-27
fetchmail
ge 5.0.8 lt 6.3.22

CVE-2012-3482
18ce9a90-f269-11e1-be53-080027ef73ecfetchmail -- chosen plaintext attack against SSL CBC initialization vectors

Matthias Andree reports:

Fetchmail version 6.3.9 enabled "all SSL workarounds" (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case.

Stream ciphers (such as RC4) are unaffected.

Credits to Apple Product Security for reporting this.


Discovery 2012-01-19
Entry 2012-08-30
fetchmail
ge 6.3.9 lt 6.3.22

CVE-2011-3389