Veracode Vulnerability DatabaseVERACODE:23058Information Disclosure
EPSS
Percentile
94.6%
fetchmail is vulnerable to information disclosure. A flaw was found in the way fetchmail processed certain APOP authentication requests. By sending certain responses when fetchmail attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user’s authentication credentials.
References
balsa.gnome.org/download.html
docs.info.apple.com/article.html?artnum=305530
fetchmail.berlios.de/fetchmail-SA-2007-01.txt
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
lists.apple.com/archives/security-announce/2007/May/msg00004.html
mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
secunia.com/advisories/25353
secunia.com/advisories/25402
secunia.com/advisories/25476
secunia.com/advisories/25496
secunia.com/advisories/25529
secunia.com/advisories/25534
secunia.com/advisories/25546
secunia.com/advisories/25559
secunia.com/advisories/25664
secunia.com/advisories/25750
secunia.com/advisories/25798
secunia.com/advisories/25858
secunia.com/advisories/25894
secunia.com/advisories/26083
secunia.com/advisories/26415
secunia.com/advisories/35699
security.gentoo.org/glsa/glsa-200706-06.xml
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
sourceforge.net/forum/forum.php?forum_id=683706
sylpheed.sraoss.jp/en/news.html
www.claws-mail.org/news.php
www.debian.org/security/2007/dsa-1300
www.debian.org/security/2007/dsa-1305
www.mandriva.com/security/advisories?name=MDKSA-2007:105
www.mandriva.com/security/advisories?name=MDKSA-2007:107
www.mandriva.com/security/advisories?name=MDKSA-2007:113
www.mandriva.com/security/advisories?name=MDKSA-2007:119
www.mandriva.com/security/advisories?name=MDKSA-2007:131
www.mozilla.org/security/announce/2007/mfsa2007-15.html
www.novell.com/linux/security/advisories/2007_14_sr.html
www.novell.com/linux/security/advisories/2007_36_mozilla.html
www.openwall.com/lists/oss-security/2009/08/15/1
www.openwall.com/lists/oss-security/2009/08/18/1
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2007-0344.html
www.redhat.com/support/errata/RHSA-2007-0353.html
www.redhat.com/support/errata/RHSA-2007-0385.html
www.redhat.com/support/errata/RHSA-2007-0386.html
www.redhat.com/support/errata/RHSA-2007-0401.html
www.redhat.com/support/errata/RHSA-2007-0402.html
www.redhat.com/support/errata/RHSA-2009-1140.html
www.securityfocus.com/archive/1/464477/30/0/threaded
www.securityfocus.com/archive/1/464569/100/0/threaded
www.securityfocus.com/archive/1/470172/100/200/threaded
www.securityfocus.com/archive/1/471455/100/0/threaded
www.securityfocus.com/archive/1/471720/100/0/threaded
www.securityfocus.com/archive/1/471842/100/0/threaded
www.securityfocus.com/bid/23257
www.securitytracker.com/id?1018008
www.trustix.org/errata/2007/0019/
www.trustix.org/errata/2007/0024/
www.ubuntu.com/usn/usn-469-1
www.ubuntu.com/usn/usn-520-1
www.us-cert.gov/cas/techalerts/TA07-151A.html
www.vupen.com/english/advisories/2007/1466
www.vupen.com/english/advisories/2007/1467
www.vupen.com/english/advisories/2007/1468
www.vupen.com/english/advisories/2007/1480
www.vupen.com/english/advisories/2007/1939
www.vupen.com/english/advisories/2007/1994
www.vupen.com/english/advisories/2007/2788
www.vupen.com/english/advisories/2008/0082
access.redhat.com/errata/RHSA-2007:0385
issues.rpath.com/browse/RPL-1231
issues.rpath.com/browse/RPL-1232
issues.rpath.com/browse/RPL-1424
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
Related
