CVE-2006-5867 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2006-5867

CVE-2006-5867

January 09, 2007

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

Related Resources (38)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10566

http://docs.info.apple.com/article.html?artnum=305391

http://security.gentoo.org/glsa/glsa-200701-13.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:016

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html

http://www.securityfocus.com/archive/1/456115/100/0/threaded

http://www.securityfocus.com/archive/1/460528/100/0/threaded

http://fedoranews.org/cms/node/2429

http://secunia.com/advisories/24284

http://www.debian.org/security/2007/dsa-1259

http://www.trustix.org/errata/2007/0007

http://www.securityfocus.com/bid/21903

http://secunia.com/advisories/23714

http://www.us-cert.gov/cas/techalerts/TA07-109A.html

http://secunia.com/advisories/24174

http://secunia.com/advisories/24151

http://www.novell.com/linux/security/advisories/2007_4_sr.html

http://secunia.com/advisories/24966

http://osvdb.org/31580

http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

http://www.vupen.com/english/advisories/2007/0088

http://www.ubuntu.com/usn/usn-405-1

http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt

http://secunia.com/advisories/23695

http://secunia.com/advisories/23923

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

http://secunia.com/advisories/24007

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995

http://securitytracker.com/id?1017478

http://www.vupen.com/english/advisories/2007/1470

http://secunia.com/advisories/23838

https://people.canonical.com/~ubuntu-security/cve/CVE-2006-5867

http://secunia.com/advisories/23631

http://www.redhat.com/support/errata/RHSA-2007-0018.html

http://www.vupen.com/english/advisories/2007/0087

http://secunia.com/advisories/23781

http://secunia.com/advisories/23804

https://issues.rpath.com/browse/RPL-919

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

CVSS v2

Base Score:

7.8

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

Weakness Type (CWE)

Improper Input Validation

CWE-20

EPSS

Base Score:

6.69

Products

Solutions

Resources

Company

Compare

Developer Tools