fetchmail is vulnerable to a man-in-the-middle attack. It was discovered that fetchmail is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake.
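The check a TLS client needs against this class of bug, as an added example (not fetchmail's own code): a name taken from a certificate carries an explicit length, so comparing it as a C string silently ignores everything after an embedded NUL. The `cert_name` type, the function names and the sample name are assumptions made for this illustration, and only exact-match names are handled (no wildcards).

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical type: a certificate name as decoded bytes plus its length. */
struct cert_name { const char *data; size_t len; };

/* Flawed pattern: treats the name as a C string, so the comparison stops
   at the first NUL byte and never sees the bytes after it. */
int match_cstring(const struct cert_name *n, const char *host)
{
    return strcasecmp(n->data, host) == 0;
}

/* Hardened pattern: refuse any name containing a NUL inside its declared
   length, then compare using that full length. */
int match_length_aware(const struct cert_name *n, const char *host)
{
    size_t hlen = strlen(host);
    if (memchr(n->data, '\0', n->len) != NULL)
        return 0;                 /* embedded NUL: reject the certificate name */
    if (n->len != hlen)
        return 0;                 /* lengths differ: cannot be the same name */
    return strncasecmp(n->data, host, hlen) == 0;
}

/* Constructed sample name: 30 bytes with a NUL after "mail.example.org". */
static const char crafted[] = "mail.example.org\0.test.invalid";

int main(void)
{
    struct cert_name n = { crafted, sizeof(crafted) - 1 };
    printf("C-string compare accepts: %d\n", match_cstring(&n, "mail.example.org"));
    printf("length-aware compare accepts: %d\n", match_length_aware(&n, "mail.example.org"));
    return 0;
}
```

A mismatch between a name's declared length and its `strlen()` is also worth logging, since a legitimately issued host name never contains a NUL byte.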
fetchmail.berlios.de/fetchmail-SA-2009-01.txt
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
marc.info/?l=oss-security&m=124949601207156&w=2
osvdb.org/56855
secunia.com/advisories/36175
secunia.com/advisories/36179
secunia.com/advisories/36236
support.apple.com/kb/HT3937
www.debian.org/security/2009/dsa-1852
www.mandriva.com/security/advisories?name=MDVSA-2009:201
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/archive/1/505530/100/0/threaded
www.securityfocus.com/bid/35951
www.securitytracker.com/id?1022679
www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.543463
www.vupen.com/english/advisories/2009/2155
www.vupen.com/english/advisories/2009/3184
access.redhat.com/errata/RHSA-2009:1427
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11059