7.8

CVE-2006-5867

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FetchmailFetchmail Updaterc3 Version <= 6.3.6
FetchmailFetchmail Version4.5.1
FetchmailFetchmail Version4.5.2
FetchmailFetchmail Version4.5.3
FetchmailFetchmail Version4.5.4
FetchmailFetchmail Version4.5.5
FetchmailFetchmail Version4.5.6
FetchmailFetchmail Version4.5.7
FetchmailFetchmail Version4.5.8
FetchmailFetchmail Version4.6.0
FetchmailFetchmail Version4.6.1
FetchmailFetchmail Version4.6.2
FetchmailFetchmail Version4.6.3
FetchmailFetchmail Version4.6.4
FetchmailFetchmail Version4.6.5
FetchmailFetchmail Version4.6.6
FetchmailFetchmail Version4.6.7
FetchmailFetchmail Version4.6.8
FetchmailFetchmail Version4.6.9
FetchmailFetchmail Version4.7.0
FetchmailFetchmail Version4.7.1
FetchmailFetchmail Version4.7.2
FetchmailFetchmail Version4.7.3
FetchmailFetchmail Version4.7.4
FetchmailFetchmail Version4.7.5
FetchmailFetchmail Version4.7.6
FetchmailFetchmail Version4.7.7
FetchmailFetchmail Version5.0.0
FetchmailFetchmail Version5.0.1
FetchmailFetchmail Version5.0.2
FetchmailFetchmail Version5.0.3
FetchmailFetchmail Version5.0.4
FetchmailFetchmail Version5.0.5
FetchmailFetchmail Version5.0.6
FetchmailFetchmail Version5.0.7
FetchmailFetchmail Version5.0.8
FetchmailFetchmail Version5.1.0
FetchmailFetchmail Version5.1.4
FetchmailFetchmail Version5.2.0
FetchmailFetchmail Version5.2.1
FetchmailFetchmail Version5.2.3
FetchmailFetchmail Version5.2.4
FetchmailFetchmail Version5.2.7
FetchmailFetchmail Version5.2.8
FetchmailFetchmail Version5.3.0
FetchmailFetchmail Version5.3.1
FetchmailFetchmail Version5.3.3
FetchmailFetchmail Version5.3.8
FetchmailFetchmail Version5.4.0
FetchmailFetchmail Version5.4.3
FetchmailFetchmail Version5.4.4
FetchmailFetchmail Version5.4.5
FetchmailFetchmail Version5.5.0
FetchmailFetchmail Version5.5.2
FetchmailFetchmail Version5.5.3
FetchmailFetchmail Version5.5.5
FetchmailFetchmail Version5.5.6
FetchmailFetchmail Version5.6.0
FetchmailFetchmail Version5.7.0
FetchmailFetchmail Version5.7.2
FetchmailFetchmail Version5.7.4
FetchmailFetchmail Version5.8
FetchmailFetchmail Version5.8.1
FetchmailFetchmail Version5.8.2
FetchmailFetchmail Version5.8.3
FetchmailFetchmail Version5.8.4
FetchmailFetchmail Version5.8.5
FetchmailFetchmail Version5.8.6
FetchmailFetchmail Version5.8.11
FetchmailFetchmail Version5.8.13
FetchmailFetchmail Version5.8.14
FetchmailFetchmail Version5.8.17
FetchmailFetchmail Version5.9.0
FetchmailFetchmail Version5.9.4
FetchmailFetchmail Version5.9.5
FetchmailFetchmail Version5.9.8
FetchmailFetchmail Version5.9.10
FetchmailFetchmail Version5.9.11
FetchmailFetchmail Version5.9.13
FetchmailFetchmail Version6.0.0
FetchmailFetchmail Version6.1.0
FetchmailFetchmail Version6.1.3
FetchmailFetchmail Version6.2.0
FetchmailFetchmail Version6.2.1
FetchmailFetchmail Version6.2.2
FetchmailFetchmail Version6.2.3
FetchmailFetchmail Version6.2.4
FetchmailFetchmail Version6.2.5
FetchmailFetchmail Version6.2.5.1
FetchmailFetchmail Version6.2.5.2
FetchmailFetchmail Version6.2.5.4
FetchmailFetchmail Version6.2.6 Updatepre4
FetchmailFetchmail Version6.2.6 Updatepre8
FetchmailFetchmail Version6.2.6 Updatepre9
FetchmailFetchmail Version6.2.9 Updaterc10
FetchmailFetchmail Version6.2.9 Updaterc3
FetchmailFetchmail Version6.2.9 Updaterc4
FetchmailFetchmail Version6.2.9 Updaterc5
FetchmailFetchmail Version6.2.9 Updaterc7
FetchmailFetchmail Version6.2.9 Updaterc8
FetchmailFetchmail Version6.2.9 Updaterc9
FetchmailFetchmail Version6.3.0
FetchmailFetchmail Version6.3.1
FetchmailFetchmail Version6.3.2
FetchmailFetchmail Version6.3.3
FetchmailFetchmail Version6.3.4
FetchmailFetchmail Version6.3.5
FetchmailFetchmail Version6.3.6 Updaterc1
FetchmailFetchmail Version6.3.6 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.26% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:C/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://secunia.com/advisories/24007
Vendor Advisory
http://secunia.com/advisories/24284
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0018.html
http://docs.info.apple.com/article.html?artnum=305391
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://secunia.com/advisories/24966
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/1470
http://fedoranews.org/cms/node/2429
http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
http://osvdb.org/31580
http://secunia.com/advisories/23631
Vendor Advisory
http://secunia.com/advisories/23695
Vendor Advisory
http://secunia.com/advisories/23714
Vendor Advisory
http://secunia.com/advisories/23781
Vendor Advisory
http://secunia.com/advisories/23804
Vendor Advisory
http://secunia.com/advisories/23838
Vendor Advisory
http://secunia.com/advisories/23923
Vendor Advisory
http://secunia.com/advisories/24151
Vendor Advisory
http://secunia.com/advisories/24174
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-13.xml
http://securitytracker.com/id?1017478
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995
http://www.debian.org/security/2007/dsa-1259
http://www.mandriva.com/security/advisories?name=MDKSA-2007:016
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html
http://www.securityfocus.com/archive/1/456115/100/0/threaded
http://www.securityfocus.com/archive/1/460528/100/0/threaded
http://www.securityfocus.com/bid/21903
Patch
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-405-1
http://www.vupen.com/english/advisories/2007/0087
http://www.vupen.com/english/advisories/2007/0088
https://issues.rpath.com/browse/RPL-919
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10566