CVE-2006-5867

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

🔗 References (74)

• cve@mitreftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=305391
• cve@mitrehttp://fedoranews.org/cms/node/2429
• cve@mitrehttp://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
• cve@mitrehttp://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
• cve@mitrehttp://osvdb.org/31580
• cve@mitrehttp://secunia.com/advisories/23631
• cve@mitrehttp://secunia.com/advisories/23695
• cve@mitrehttp://secunia.com/advisories/23714
• cve@mitrehttp://secunia.com/advisories/23781
• cve@mitrehttp://secunia.com/advisories/23804
• cve@mitrehttp://secunia.com/advisories/23838
• cve@mitrehttp://secunia.com/advisories/23923
• cve@mitrehttp://secunia.com/advisories/24007
• cve@mitrehttp://secunia.com/advisories/24151