FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- STARTTLS bypass vulnerabilities

Affected packages
fetchmail < 6.4.22.r1

Details

VuXML ID 1d6410e8-06c1-11ec-a35d-03ca114d16d6
Discovery 2021-08-10
Entry 2021-08-26

Problem:

In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation.

[source]

References

CVE Name CVE-2021-39272
URL https://www.fetchmail.info/fetchmail-SA-2021-02.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.