CVE-2006-5867
fetchmail
EPSS 6.7%
Description
fetchmail before 6.3.6-rc4 does not properly enforce TLS and, under certain circumstances, may transmit cleartext passwords over unsecured links, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
How to fix CVE-2006-5867
To remediate CVE-2006-5867, upgrade the affected package to one of the fixed versions listed below.
- Debian/fetchmail—upgrade to 6.3.6-1 or later
- Debian/fetchmail—upgrade to 6.2.5-12sarge5 or later
Is CVE-2006-5867 being exploited?
Moderate: EPSS is 6.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/fetchmail: from 0, < 6.3.6-1
- Debian/fetchmail: from 0, < 6.2.5-12sarge5