FreeBSD : fetchmail -- TLS enforcement problem/MITM attack/password exposure (5238ac45-9d8c-11db-858b-0060084a00e5)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthias Andree reports :

Fetchmail has had several longstanding password disclosure
vulnerabilities.

- sslcertck/sslfingerprint options should have implied 'sslproto tls1'
in order to enforce TLS negotiation, but did not.

- Even with 'sslproto tls1' in the config, fetches would go ahead in
plain text if STLS/STARTTLS wasn't available (not advertised, or
advertised but rejected).

- POP3 fetches could completely ignore all TLS options whether
available or not because it didn't reliably issue CAPA before checking
for STLS support - but CAPA is a requisite for STLS. Whether or not
CAPAbilities were probed depended on the 'auth' option. (Fetchmail
only tried CAPA if the auth option was not set at all, was set to
gssapi, kerberos, kerberos_v4, otp, or cram-md5.)

- POP3 could fall back to using plain text passwords, even if strong
authentication had been configured.

- POP2 would not complain if strong authentication or TLS had been
requested.

See also :

http://www.fetchmail.info/fetchmail-SA-2006-02.txt
http://www.nessus.org/u?2579acb7

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23987 (freebsd_pkg_5238ac459d8c11db858b0060084a00e5.nasl)

Bugtraq ID:

CVE ID: CVE-2006-5867
