61 matches found
Design/Logic Flaw
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certifica...
Information disclosure
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate...
CVE-2014-7275
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate...
CVE-2014-7274
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certifica...
Information disclosure
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate...
CVE-2014-7275
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate...
CVE-2014-7273
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate...
CVE-2014-7275
CVE-2014-7275 affects getmail 4.0.0–4.44.0, where POP3-over-SSL does not verify X.509 certificates from SSL servers, enabling MITM with crafted certificates to spoof POP3 servers and obtain sensitive data. Debian and other advisories note upgrades to 4.46.0 (e.g., 4.46.0-1~deb6u1) as the fix; Ope...
CVE-2014-7274
The CVE-2014-7274 issue affects getmail’s IMAP-over-SSL in version 4.44.0, where the client does not verify that the server’s hostname matches the CN in the X.509 certificate. This enables man-in-the-middle attacks to spoof IMAP servers and obtain sensitive data via a crafted certificate from a C...
CVE-2014-7275
Removed by vendor...
CVE-2014-7274
Removed by vendor...
CVE-2014-7273
Removed by vendor...
CVE-2014-7273
CVE-2014-7273 affects getmail up to version 4.43.0, where IMAP-over-SSL does not verify X.509 certificates, enabling MITM attacks and potential disclosure of sensitive data. Remediation: upgrade to getmail 4.46.0 (or newer, e.g., 4.46.0-1/4.46.0-1~deb6u1 per Debian) where the issue is fixed. Rela...
Slackware Advisory SSA:2004-278-01 getmail
The remote host is missing an update as announced via advisory SSA:2004-278-01. OpenVAS Vulnerability Test $Id: esoftslkssa200427801.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
Slackware: Security Advisory (SSA:2004-278-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : getmail -- symlink vulnerability during maildir delivery (8c33b299-163b-11d9-ac1b-000d614f7fad)
David Watson reports a symlink vulnerability in getmail. If run as root not the recommended mode of operation, a local user may be able to cause getmail to write files in arbitrary directories via a symlink attack on subdirectories of the maildir. %NASLMINLEVEL 70300 C Tenable Network Security,...
Gentoo Security Advisory GLSA 200409-32 (getmail)
The remote host is missing updates announced in advisory GLSA 200409-32. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200409-32 (getmail)
The remote host is missing updates announced in advisory GLSA 200409-32. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD Ports: getmail
The remote host is missing an update to the system as announced in the referenced advisory. VID 8c33b299-163b-11d9-ac1b-000d614f7fad OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: getmail
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...