Mandrake Linux Security Advisory : fetchmail (MDKSA-2007:016)
High Nessus Plugin ID 24631
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionFetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
The updated packages have been patched to correct this problem.
SolutionUpdate the affected fetchmail, fetchmail-daemon and / or fetchmailconf packages.