Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2006-5867

Disclosure Date: December 31, 2006 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

fetchmail

Products

References

Canonical

CVE-2006-5867 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867)

BID-21903 (http://www.securityfocus.com/bid/21903)

Advisory

USN-405-1 (http://www.ubuntu.com/usn/usn-405-1)

SECUNIA-24966 (http://secunia.com/advisories/24966)

OSVDB-31580 (http://osvdb.org/31580)

SECUNIA-23781 (http://secunia.com/advisories/23781)

SECUNIA-24174 (http://secunia.com/advisories/24174)

DSA-1259 (http://www.debian.org/security/2007/dsa-1259)

SECUNIA-23838 (http://secunia.com/advisories/23838)

SECUNIA-24151 (http://secunia.com/advisories/24151)

http://docs.info.apple.com/article.html?artnum=305391

SECUNIA-23714 (http://secunia.com/advisories/23714)

SECUNIA-24284 (http://secunia.com/advisories/24284)

SECUNIA-23631 (http://secunia.com/advisories/23631)

SECUNIA-24007 (http://secunia.com/advisories/24007)

SECUNIA-23804 (http://secunia.com/advisories/23804)

20070105 fetchmail security announcement 2006-02 (CVE-2006-5867) (http://www.securityfocus.com/archive/1/456115/100/0/threaded)

ADV-2007-0088 (http://www.vupen.com/english/advisories/2007/0088)

http://www.novell.com/linux/security/advisories/2007_4_sr.html

TA07-109A (http://www.us-cert.gov/cas/techalerts/TA07-109A.html)

SECUNIA-23695 (http://secunia.com/advisories/23695)

http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2007:016

FEDORA-2007-041 (http://fedoranews.org/cms/node/2429)

SECUNIA-23923 (http://secunia.com/advisories/23923)

20070218 Re: [SECURITY] [DSA 1259-1] New fetchmail packages fix information disclosure (http://www.securityfocus.com/archive/1/460528/100/0/threaded)

GLSA-200701-13 (http://security.gentoo.org/glsa/glsa-200701-13.xml)

SECTRACK-1017478 (http://securitytracker.com/id?1017478)

https://issues.rpath.com/browse/RPL-919

APPLE-SA-2007-04-19 (http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html)

ADV-2007-1470 (http://www.vupen.com/english/advisories/2007/1470)

ADV-2007-0087 (http://www.vupen.com/english/advisories/2007/0087)

http://www.redhat.com/support/errata/RHSA-2007-0018.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10566

Miscellaneous

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995

OpenPKG-SA-2007.004 (http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html)

2007-0007 (http://www.trustix.org/errata/2007/0007)

Rapid7

Technical Analysis