rPath Security Advisory: 2007-0003-1 Published: 2007-01-09 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Information Exposure Updated Versions: fetchmail=/[EMAIL PROTECTED]:devel//1/6.3.6-0.1-1
References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867 https://issues.rpath.com/browse/RPL-919 Description: Previous versions of the fetchmail package inappropriately send passwords in clear text rather than encrypted, allowing attackers to read the password from network traffic. They also may not detect man-in-the-middle attacks. Because email passwords are often the same as login passwords, this may indirectly enable remote unauthorized access. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/