CVE-2006-5867 — Improper Input Validation in Fetchmail

CWE-20 — Improper Input Validation8 documents7 sources

Severity

7.8HIGHNVD

EPSS

6.7%

top 8.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fetchmail Debian Fetchmail

Timeline

PublishedDec 31

Latest updateMay 3

Description

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/fetchmail< fetchmail 6.3.6-1 (bookworm)

▶Debianfetchmail/fetchmail< 6.3.6-1+2

▶NVDfetchmail/fetchmail6.3.6+99

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-cq85-qr6h-4x5p: fetchmail before 6↗2022-05-03

▶

OSV

CVE-2006-5867: fetchmail before 6↗2006-12-31

▶

📋Vendor Advisories

Ubuntu

fetchmail vulnerability↗2007-01-11

▶

Red Hat

fetchmail not enforcing TLS for POP3 properly↗2007-01-04

▶

Debian

CVE-2006-5867: fetchmail - fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleart...↗2006

▶

💬Community

Bugzilla

CVE-2006-5867 fetchmail not enforcing TLS for POP3 properly↗2007-01-09

▶

Bugzilla

CVE-2006-5867 fetchmail not enforcing TLS for POP3 properly↗2007-01-09

▶