FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fetchmail -- STARTTLS bypass vulnerabilities

Affected packages
fetchmail < 6.4.22.r1

Details

VuXML ID 1d6410e8-06c1-11ec-a35d-03ca114d16d6
Discovery 2021-08-10
Entry 2021-08-26

Problem:

In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation.

References

CVE Name CVE-2021-39272
URL https://www.fetchmail.info/fetchmail-SA-2021-02.txt