FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-5867

This CVE name corresponds to:

Entered Topic
2007-01-06 fetchmail -- TLS enforcement problem/MITM attack/password exposure

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-5867
Phase Assigned (20061114)

Description

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

References

Source Reference
BUGTRAQ 20070105 fetchmail security announcement 2006-02 (CVE-2006-5867)
BUGTRAQ 20070218 Re: [SECURITY] [DSA 1259-1] New fetchmail packages fix information disclosure
CONFIRM http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
CONFIRM https://issues.rpath.com/browse/RPL-919
CONFIRM http://docs.info.apple.com/article.html?artnum=305391
APPLE APPLE-SA-2007-04-19
DEBIAN DSA-1259
FEDORA FEDORA-2007-041
GENTOO GLSA-200701-13
MANDRIVA MDKSA-2007:016
OPENPKG OpenPKG-SA-2007.004
REDHAT RHSA-2007:0018
SGI 20070201-01-P
SLACKWARE SSA:2007-024-01
SUSE SUSE-SR:2007:004
TRUSTIX 2007-0007
UBUNTU USN-405-1
CERT TA07-109A
BID 21903
OVAL oval:org.mitre.oval:def:10566
VUPEN ADV-2007-0087
VUPEN ADV-2007-0088
VUPEN ADV-2007-1470
OSVDB 31580
SECTRACK 1017478
SECUNIA 23631
SECUNIA 23695
SECUNIA 23714
SECUNIA 23781
SECUNIA 23804
SECUNIA 23838
SECUNIA 23923
SECUNIA 24007
SECUNIA 24151
SECUNIA 24174
SECUNIA 24966
SECUNIA 24284