Executive Summary
Summary | |
---|---|
Title | fetchmail vulnerability |
Information | |||
---|---|---|---|
Name | USN-405-1 | First vendor Publication | 2007-01-11 |
Vendor | Ubuntu | Last vendor Modification | 2007-01-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.10, Ubuntu 6.06 LTS, Ubuntu 6.10.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: Ubuntu 6.06 LTS: Ubuntu 6.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that fetchmail did not correctly require TLS negotiation in certain situations. This would result in a user's unencrypted password being sent across the network.

If fetchmail has been configured to use the "sslproto tls1", "sslcertck", or "sslfingerprint" options with a server that does not correctly support TLS negotiation, this update may cause fetchmail to (correctly) abort authentication.
Original Source
Url : http://www.ubuntu.com/usn/USN-405-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10566 | |||
Oval ID: | oval:org.mitre.oval:def:10566 | ||
Title: | fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. | ||
Description: | fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5867 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for fetchmail File : nvt/sles9p5012567.nasl |
2009-04-09 | Name : Mandriva Update for fetchmail MDKSA-2007:016 (fetchmail) File : nvt/gb_mandriva_MDKSA_2007_016.nasl |
2009-03-23 | Name : Ubuntu Update for fetchmail vulnerability USN-405-1 File : nvt/gb_ubuntu_USN_405_1.nasl |
2009-02-27 | Name : Fedora Update for fetchmail FEDORA-2007-041 File : nvt/gb_fedora_2007_041_fetchmail_fc5.nasl |
2009-02-27 | Name : Fedora Update for fetchmail FEDORA-2007-042 File : nvt/gb_fedora_2007_042_fetchmail_fc6.nasl |
2009-01-28 | Name : SuSE Update for XFree86-server,xorg-x11-server,xloader SUSE-SA:2007:008 File : nvt/gb_suse_2007_008.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-13 (fetchmail) File : nvt/glsa_200701_13.nasl |
2008-09-04 | Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail7.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1259-1 (fetchmail) File : nvt/deb_1259_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-024-01 fetchmail File : nvt/esoft_slk_ssa_2007_024_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31580 | Fetchmail TLS Enforcement Cleartext Credential Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0018.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fetchmail-2608.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-405-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_fetchmail-2602.nasl - Type : ACT_GATHER_INFO |
2007-04-21 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2007-004.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-024-01.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-016.nasl - Type : ACT_GATHER_INFO |
2007-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1259.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0018.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0018.nasl - Type : ACT_GATHER_INFO |
2007-01-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-13.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-041.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-042.nasl - Type : ACT_GATHER_INFO |
2007-01-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5238ac459d8c11db858b0060084a00e5.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:04:05 |