SUSE CVE-2005-3088

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...

SUSE SLED15 / SLES15 Security Update : fetchmail (SUSE-SU-2021:3493-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3493-1 advisory. - Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

Mandriva Update for fetchmail MDVSA-2010:037 (fetchmail)

Check for the Version of fetchmail OpenVAS Vulnerability Test Mandriva Update for fetchmail MDVSA-2010:037 fetchmail Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

SLES10: Security update for fetchmail

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: fetchmail fetchmailconf More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...

SLES10: Security update for fetchmail

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: fetchmail fetchmailconf More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references...

SLES10: Security update for fetchmail

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: fetchmail fetchmailconf More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...

SLES10: Security update for fetchmail

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: fetchmail fetchmailconf More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references...

SLES11: Security update for fetchmail

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: fetchmail fetchmailconf More details may also be found by searching for the SuSE Enterprise Server 11 patch database linked in the references...

SLES9: Security update for fetchmail

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: fetchmail fetchmailconf For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 505530...

SLES9: Security update for fetchmail

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: fetchmail fetchmailconf For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 505530...

Gentoo Security Advisory GLSA 200511-06 (fetchmail)

The remote host is missing updates announced in advisory GLSA 200511-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Debian Security Advisory DSA 900-2 (fetchmail)

The remote host is missing an update to fetchmail announced via advisory DSA 900-2. Due to restrictive dependency definition the updated fetchmailconf package couldn't be installed on the old stable distribution woody together with fetchmail-ssl. Hence, this update loosens it, so that the update...

Mandrake Linux Security Advisory : fetchmail (MDKSA-2007:016)

Fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle MITM attacks. The updated packages have been patched to correct th...

fetchmail security announcement 2006-02 (CVE-2006-5867)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 fetchmail-SA-2006-02: TLS enforcement problem/MITM attack/password exposure Topics: fetchmail cannot enforce TLS Author: Matthias Andree Version: 1.0 Announced: 2007-01-04 Type: secret information disclosure Impact: fetchmail can expose cleartext...

Debian DSA-900-3 : fetchmail - programming error

Due to restrictive dependency definition for fetchmail-ssl the updated fetchmailconf package couldn't be installed on the old stable distribution woody together with fetchmail-ssl. Hence, this update loosens it, so that the update can be pulled in. For completeness we're including the original...

FreeBSD : fetchmail -- fetchmailconf local password exposure (baf74e0b-497a-11da-a4f4-0060084a00e5)

The fetchmail team reports : The fetchmailconf program before and excluding version 1.49 opened the run control file, wrote the configuration to it, and only then changed the mode to 0600 rw-------. Writing the file, which usually contains passwords, before making it unreadable to other users, ca...

[VulnWatch] fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)

fetchmail-SA-2006-01: crash when bouncing messages. Topics: 1 crash when bouncing a message 2 fetchmail 6.2.5.X end of life Author: Matthias Andree Version: 1.0 Announced: 2006-01-22 Type: free with bogus pointer Impact: fetchmail crashes Danger: low Credits: Nathaniel W. Turner bug report CVE...

Ubuntu 4.10 / 5.04 / 5.10 : fetchmail vulnerability (USN-215-1)

Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable...

Mandrake Linux Security Advisory : fetchmail (MDKSA-2005:209)

Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. fetchmailconf would create the initial output configuration file with insecure permissions and only after writing would it change permissions to be more restrictive. During that time, passwords and other dat...

[SECURITY] [DSA 939-1] New fetchmail packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 939-1 [email protected] http://www.debian.org/security/ Martin Schulze January 13th, 2006 http://www.debian.org/security/faq -...