CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
36.7%
CentOS Errata and Security Advisory CESA-2005:823-01
Fetchmail is a remote mail retrieval and forwarding utility.
A bug was found in the way the fetchmailconf utility program writes
configuration files. The default behavior of fetchmailconf is to write a
configuration file which may be world readable for a short period of time.
This configuration file could provide passwords to a local malicious
attacker within the short window before fetchmailconf sets secure
permissions. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3088 to this issue.
Users of fetchmail are advised to upgrade to these updated packages, which
contain a backported patch which resolves this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-October/074510.html
Affected packages:
fetchmail
fetchmailconf
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | fetchmail | < 5.9.0-21.7.3.el2.1.2 | fetchmail-5.9.0-21.7.3.el2.1.2.i386.rpm |
CentOS | 2 | i386 | fetchmailconf | < 5.9.0-21.7.3.el2.1.2 | fetchmailconf-5.9.0-21.7.3.el2.1.2.i386.rpm |