Vulnerability Description
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fetchmail | Fetchmail | <= 6.3.6 |
Related Weaknesses (CWE)
References
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://docs.info.apple.com/article.html?artnum=305391
- http://fedoranews.org/cms/node/2429
- http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
- http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
- http://osvdb.org/31580
- http://secunia.com/advisories/23631 (Vendor Advisory)
- http://secunia.com/advisories/23695 (Vendor Advisory)
- http://secunia.com/advisories/23714 (Vendor Advisory)
- http://secunia.com/advisories/23781 (Vendor Advisory)
- http://secunia.com/advisories/23804 (Vendor Advisory)
- http://secunia.com/advisories/23838 (Vendor Advisory)
- http://secunia.com/advisories/23923 (Vendor Advisory)
- http://secunia.com/advisories/24007 (Vendor Advisory)
- http://secunia.com/advisories/24151 (Vendor Advisory)
FAQ
What is CVE-2006-5867?
CVE-2006-5867 is a vulnerability with a CVSS score of 7.8 (HIGH). fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive inf...
How severe is CVE-2006-5867?
CVE-2006-5867 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5867?
Check the references section above for vendor advisories and patch information. Affected products include: Fetchmail Fetchmail.