Date: Mon, 27 Aug 2012 17:44:23 +0000 (UTC) From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r303238 - in head: mail/fetchmail mail/fetchmail/files security/vuxml Message-ID: <201208271744.q7RHiN04033035@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mandree Date: Mon Aug 27 17:44:23 2012 New Revision: 303238 URL: http://svn.freebsd.org/changeset/ports/303238 Log: Update fetchmail to 6.3.21_1, fixing CVE-2012-3482. Adjust VuXML database entry from < 6.3.22 to < 6.3.21_1. PR: ports/170613 Approved by: maintainer timeout (14 days) Security: http://www.vuxml.org/freebsd/83f9e943-e664-11e1-a66d-080027ef73ec.html Security: CVE-2012-3482 Added: head/mail/fetchmail/files/patch-CVE-2012-3482 (contents, props changed) Modified: head/mail/fetchmail/Makefile (contents, props changed) head/security/vuxml/vuln.xml Modified: head/mail/fetchmail/Makefile ============================================================================== --- head/mail/fetchmail/Makefile Mon Aug 27 17:43:38 2012 (r303237) +++ head/mail/fetchmail/Makefile Mon Aug 27 17:44:23 2012 (r303238) @@ -12,6 +12,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.21 +PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= BERLIOS/${PORTNAME}/ \ SF/${PORTNAME}/branch_6.3/ \ Added: head/mail/fetchmail/files/patch-CVE-2012-3482 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/fetchmail/files/patch-CVE-2012-3482 Mon Aug 27 17:44:23 2012 (r303238) @@ -0,0 +1,53 @@ +diff --git a/ntlm.h b/ntlm.h +index 1469633..ad83520 100644 +--- a/ntlm.h ++++ b/ntlm.h +@@ -32,8 +32,8 @@ uint32 msgType; + tSmbStrHeader uDomain; + uint32 flags; + uint8 challengeData[8]; +-uint8 reserved[8]; +-tSmbStrHeader emptyString; ++uint32 context[2]; ++tSmbStrHeader targetInfo; + uint8 buffer[1024]; + uint32 bufIndex; + }tSmbNtlmAuthChallenge; +diff --git a/ntlmsubr.c b/ntlmsubr.c +index f9d2733..63cbed8 100644 +--- a/ntlmsubr.c ++++ b/ntlmsubr.c +@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) + if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + goto cancelfail; + +- (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); ++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0 ++ || result < ((void *)&challenge.context - (void *)&challenge)) ++ { ++ report (stderr, GT_("could not decode BASE64 challenge\n")); ++ /* We do not goto cancelfail; the server has already sent the ++ * tagged reply, so the protocol exchange has ended, no need ++ * for us to send the asterisk. */ ++ return PS_AUTHFAIL; ++ } ++ ++ /* validate challenge: ++ * - ident ++ * - message type ++ * - that offset points into buffer ++ * - that offset + length does not wrap ++ * - that offset + length is not bigger than buffer */ ++ if (0 != memcmp("NTLMSSP", challenge.ident, 8) ++ || challenge.msgType != 2 ++ || challenge.uDomain.offset > result ++ || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset ++ || challenge.uDomain.offset + challenge.uDomain.len > result) ++ { ++ report (stderr, GT_("NTLM challenge contains invalid data.\n")); ++ result = PS_AUTHFAIL; ++ goto cancelfail; ++ } + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthChallenge(stdout, &challenge); Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Aug 27 17:43:38 2012 (r303237) +++ head/security/vuxml/vuln.xml Mon Aug 27 17:44:23 2012 (r303238) @@ -611,7 +611,7 @@ Note: Please add new entries to the beg <affects> <package> <name>fetchmail</name> - <range><ge>5.0.8</ge><lt>6.3.22</lt></range> + <range><ge>5.0.8</ge><lt>6.3.21_1</lt></range> </package> </affects> <description> @@ -634,6 +634,7 @@ Note: Please add new entries to the beg <dates> <discovery>2012-08-12</discovery> <entry>2012-08-14</entry> + <modified>2012-08-27</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208271744.q7RHiN04033035>