Ubuntu Update For Fetchmail Vulnerability USN-405-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-405-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that fetchmail did not correctly require TLS negotiation in certain situations. This would result in a user's unencrypted password being sent across the network. If fetchmail has been configured to use the &quot sslproto tls1&quot , &quot sslcertck&quot , or &quot sslfingerprint&quot options with a server that does not correctly support TLS negotiation, this update may cause fetchmail to (correctly) abort authentication.

Affected

fetchmail vulnerability on Ubuntu 5.10 , Ubuntu 6.06 LTS , Ubuntu 6.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-January/000464.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-5867
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1
Ubuntu Update for cups, cupsys vulnerability USN-1012-1
Ubuntu Update for cupsys vulnerabilities USN-598-1
Ubuntu Update for djvulibre USN-2056-1
Ubuntu Update for ca-certificates USN-1197-5

Ubuntu Update for fetchmail vulnerability USN-405-1

Take action and discover your vulnerabilities