Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-39272
HistoryAug 30, 2021 - 12:00 a.m.

CVE-2021-39272

2021-08-3000:00:00
ubuntu.com
ubuntu.com
10

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.7%

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in
some circumstances, such as a certain situation with IMAP and PREAUTH.

Bugs

Notes

Author Note
sbeattie when backporting, upstream is asking to make sure we update documentation covering the fixes as well
mdeslaur only an issue with IMAP PREAUTH sessions and STARTTLS. It is recommended to switch to implicit TLS

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.7%