Search for packages
| purl | pkg:deb/debian/fetchmail@4.3.9-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-13kz-a8m4-huht
Aliases: CVE-2007-1558 |
Gaëtan Leurent informed us of a weakness in APOP authentication that could allow an attacker to recover the first part of your mail password if the attacker could interpose a malicious mail server on your network masquerading as your legitimate mail server. With normal settings it could take several hours for the attacker to gather enough data to recover just a few characters of the password. This result was presented at the Fast Software Encryption 2007 conference.In a rump session at the same conference a team from The University of Electro-Communications claimed that a variant on the same hash-collision attack allowed them to recover a 31 character password.Fixed versions of Thunderbird and SeaMonkey mail prevent this technique by stricter enforcement of the Message-ID format used by APOP.POP mail accounts which do not use any authentication are common and in the same hypothetical situation the password could be recovered immediately without any special programming on the attacker's part. |
Affected by 6 other vulnerabilities. |
|
VCID-4dp4-gx3r-pyaw
Aliases: CVE-2005-3088 |
Affected by 9 other vulnerabilities. |
|
|
VCID-4snh-fa12-wkfu
Aliases: CVE-2006-5974 |
Affected by 9 other vulnerabilities. |
|
|
VCID-7zga-35jt-h3d9
Aliases: CVE-2009-2666 |
Affected by 3 other vulnerabilities. |
|
|
VCID-8cky-9rwk-2yf9
Aliases: CVE-2006-5867 |
Affected by 9 other vulnerabilities. |
|
|
VCID-9y1x-vwxs-1keq
Aliases: CVE-2003-0792 |
Affected by 15 other vulnerabilities. |
|
|
VCID-a1n2-j65b-uubu
Aliases: CVE-2010-1167 |
fetchmail: denial of service in debug mode with multichar locales |
Affected by 3 other vulnerabilities. |
|
VCID-a4f6-jyda-byeu
Aliases: CVE-2002-1175 |
Affected by 15 other vulnerabilities. |
|
|
VCID-bz7t-m2xq-n7bc
Aliases: CVE-2008-2711 |
fetchmail: Crash in large log messages in verbose mode |
Affected by 6 other vulnerabilities. |
|
VCID-d2yz-37rb-jkct
Aliases: CVE-2012-3482 |
fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the initial request |
Affected by 1 other vulnerability. |
|
VCID-djfg-pkur-xbf7
Aliases: CVE-2021-36386 |
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. |
Affected by 1 other vulnerability. |
|
VCID-fa4k-7efq-7bh4
Aliases: CVE-2010-0562 |
fetchmail: (verbose mode) Heap overflow by formating byte string into its printable representation |
Affected by 3 other vulnerabilities. |
|
VCID-h8fv-17wg-f3bd
Aliases: CVE-2005-4348 |
Affected by 9 other vulnerabilities. |
|
|
VCID-paah-jg52-3ya7
Aliases: CVE-2002-1174 |
Affected by 15 other vulnerabilities. |
|
|
VCID-pku9-d5f9-aqhe
Aliases: CVE-2007-4565 |
Affected by 6 other vulnerabilities. |
|
|
VCID-rgpd-kqhw-9yhy
Aliases: CVE-2006-0321 |
Affected by 9 other vulnerabilities. |
|
|
VCID-saux-yh46-puc5
Aliases: CVE-2005-2335 |
Affected by 9 other vulnerabilities. |
|
|
VCID-xt94-557s-gkc5
Aliases: CVE-2002-1365 |
Affected by 15 other vulnerabilities. |
|
|
VCID-y9he-nhhy-jbhs
Aliases: CVE-2011-1947 |
fetchmail: Application hang due unguarded blocking I/O in IMAP/POP3 STARTTLS initialization (fetchmail-SA-2011-01) |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||