Bugtraq mailing list archives
rPSA-2007-0003-1 fetchmail
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Tue, 09 Jan 2007 13:44:09 -0500
rPath Security Advisory: 2007-0003-1 Published: 2007-01-09 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Information Exposure Updated Versions: fetchmail=/conary.rpath.com@rpl:devel//1/6.3.6-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867 https://issues.rpath.com/browse/RPL-919 Description: Previous versions of the fetchmail package inappropriately send passwords in clear text rather than encrypted, allowing attackers to read the password from network traffic. They also may not detect man-in-the-middle attacks. Because email passwords are often the same as login passwords, this may indirectly enable remote unauthorized access.
Current thread:
- rPSA-2007-0003-1 fetchmail rPath Update Announcements (Jan 09)