Red Hat Security Advisory 2009:1427-1: Moderate: fetchmail security update

26
Article Source Red Hat Security Updates

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections.

It was discovered that fetchmail is affected by the previously published null prefix attack”, caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666)…

Read More