CVE-2006-5867

Published: 31/12/2006 Updated: 17/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

fetchmail prior to 6.3.6-rc4 does not properly enforce TLS and, under certain circumstances, may transmit cleartext passwords over unsecured links, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

Vulnerable Product

fetchmail fetchmail 6.3.1

fetchmail fetchmail 6.2.5.4

fetchmail fetchmail 6.2.1

fetchmail fetchmail 6.2.0

fetchmail fetchmail 5.9.5

fetchmail fetchmail 5.9.4

fetchmail fetchmail 5.8.1

fetchmail fetchmail 5.8

fetchmail fetchmail 5.5.2

fetchmail fetchmail 5.5.0

fetchmail fetchmail 5.3.0

fetchmail fetchmail 5.2.8

fetchmail fetchmail 5.0.8

fetchmail fetchmail 5.0.7

fetchmail fetchmail 5.0.0

fetchmail fetchmail 4.7.7

fetchmail fetchmail 4.7.0

fetchmail fetchmail 4.6.9

fetchmail fetchmail 4.6.8

fetchmail fetchmail 4.6.1

fetchmail fetchmail 4.6.0

fetchmail fetchmail 4.5.2

fetchmail fetchmail 4.5.1

fetchmail fetchmail 5.8.17

fetchmail fetchmail 6.2.5.1

fetchmail fetchmail 6.2.9

fetchmail fetchmail 6.2.5.2

fetchmail fetchmail 6.3.0

fetchmail fetchmail 6.2.6

fetchmail fetchmail 6.2.5

fetchmail fetchmail 5.9.13

fetchmail fetchmail 5.9.11

fetchmail fetchmail 5.8.11

fetchmail fetchmail 5.8.5

fetchmail fetchmail 5.8.4

fetchmail fetchmail 5.6.0

fetchmail fetchmail 5.5.6

fetchmail fetchmail 5.4.3

fetchmail fetchmail 5.3.8

fetchmail fetchmail 5.2.1

fetchmail fetchmail 5.2.0

fetchmail fetchmail 5.0.4

fetchmail fetchmail 5.0.3

fetchmail fetchmail 4.7.4

fetchmail fetchmail 4.7.3

fetchmail fetchmail 4.6.5

fetchmail fetchmail 4.6.4

fetchmail fetchmail 4.5.6

fetchmail fetchmail 4.5.5

fetchmail fetchmail 6.3.6

fetchmail fetchmail 6.2.4

fetchmail fetchmail 6.1.0

fetchmail fetchmail 6.0.0

fetchmail fetchmail 5.8.14

fetchmail fetchmail 5.8.13

fetchmail fetchmail 5.7.2

fetchmail fetchmail 5.7.0

fetchmail fetchmail 5.4.5

fetchmail fetchmail 5.4.4

fetchmail fetchmail 5.2.7

fetchmail fetchmail 5.2.4

fetchmail fetchmail 5.2.3

fetchmail fetchmail 5.0.6

fetchmail fetchmail 5.0.5

fetchmail fetchmail 4.7.6

fetchmail fetchmail 4.7.5

fetchmail fetchmail 4.6.7

fetchmail fetchmail 4.6.6

fetchmail fetchmail 4.5.8

fetchmail fetchmail 4.5.7

fetchmail fetchmail 5.9.0

fetchmail fetchmail 6.3.4

fetchmail fetchmail 5.4.0

fetchmail fetchmail

fetchmail fetchmail 6.3.5

fetchmail fetchmail 6.3.3

fetchmail fetchmail 6.3.2

fetchmail fetchmail 6.2.3

fetchmail fetchmail 6.2.2

fetchmail fetchmail 5.9.10

fetchmail fetchmail 5.9.8

fetchmail fetchmail 5.8.3

fetchmail fetchmail 5.8.2

fetchmail fetchmail 5.5.5

fetchmail fetchmail 5.5.3

fetchmail fetchmail 5.3.3

fetchmail fetchmail 5.3.1

fetchmail fetchmail 5.1.4

fetchmail fetchmail 5.1.0

fetchmail fetchmail 5.0.2

fetchmail fetchmail 5.0.1

fetchmail fetchmail 4.7.2

fetchmail fetchmail 4.7.1

fetchmail fetchmail 4.6.3

fetchmail fetchmail 4.6.2

fetchmail fetchmail 4.5.4

fetchmail fetchmail 4.5.3

fetchmail fetchmail 6.1.3

fetchmail fetchmail 5.8.6

fetchmail fetchmail 5.7.4

Vendor Advisories

It was discovered that fetchmail did not correctly require TLS negotiation in certain situations. This would result in a user’s unencrypted password being sent across the network ...
Isaac Wilcox discovered that fetchmail, a popular mail retrieval and forwarding utility, insufficiently enforces encryption of connections, which might lead to information disclosure. For the stable distribution (sarge) this problem has been fixed in version 625-12sarge5. For the upcoming stable distribution (etch) this problem has been fixed in ...

References

CWE-20
http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
http://www.securityfocus.com/bid/21903
http://secunia.com/advisories/23631
https://issues.rpath.com/browse/RPL-919
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html
http://securitytracker.com/id?1017478
http://secunia.com/advisories/23695
http://www.ubuntu.com/usn/usn-405-1
http://secunia.com/advisories/23714
http://secunia.com/advisories/23781
http://www.debian.org/security/2007/dsa-1259
http://fedoranews.org/cms/node/2429
http://security.gentoo.org/glsa/glsa-200701-13.xml
http://www.redhat.com/support/errata/RHSA-2007-0018.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995
http://www.trustix.org/errata/2007/0007
http://secunia.com/advisories/23804
http://secunia.com/advisories/23838
http://secunia.com/advisories/23923
http://secunia.com/advisories/24007
http://secunia.com/advisories/24151
http://secunia.com/advisories/24174
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://secunia.com/advisories/24966
http://www.mandriva.com/security/advisories?name=MDKSA-2007:016
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
http://secunia.com/advisories/24284
http://osvdb.org/31580
http://www.vupen.com/english/advisories/2007/0087
http://www.vupen.com/english/advisories/2007/1470
http://www.vupen.com/english/advisories/2007/0088
http://docs.info.apple.com/article.html?artnum=305391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10566
http://www.securityfocus.com/archive/1/460528/100/0/threaded
http://www.securityfocus.com/archive/1/456115/100/0/threaded
https://usn.ubuntu.com/405-1/
https://nvd.nist.gov