CVE-2006-5867 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5867
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5867

Description: fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-405-1 TRUSTIX http://www.trustix.org/errata/2007/0007 SUSE http://www.novell.com/linux/security/advisories/2007_4_sr.html ST 1017478 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995 SGI SAID Secunia Advisory: SA24007 Secunia Advisory: SA23923 Secunia Advisory: SA23838 Secunia Advisory: SA23804 Secunia Advisory: SA23781 Secunia Advisory: SA23714 Secunia Advisory: SA23695 Secunia Advisory: SA23631 Secunia Advisory: SA24151 Secunia Advisory: SA24174 Secunia Advisory: SA24966 Secunia Advisory: SA24284 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0018.html OSVDB 31580 OPENPKG http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:016 GENTOO http://security.gentoo.org/glsa/glsa-200701-13.xml FEDORA http://fedoranews.org/cms/node/2429 DEBIAN http://www.debian.org/security/2007/dsa-1259 CONFIRM http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt http://docs.info.apple.com/article.html?artnum=305391 CERT http://www.us-cert.gov/cas/techalerts/TA07-109A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/460528/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/456115/100/0/threaded BID 21903 APPLE http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

Return to the previous page.