CVE-2006-5867

EPSS 6.7%

fetchmail

Published: 12/31/2006Modified: 4/28/2026

Description

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

Affected packages (2)

Debian/fetchmailfrom 0, < 6.3.6-1
Debian/fetchmailfrom 0, < 6.2.5-12sarge5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-5867