CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
36.7%
The remote host is affected by the vulnerability described in GLSA-200511-06 (fetchmail: Password exposure in fetchmailconf)
Thomas Wolff discovered that fetchmailconf opens the configuration file with default permissions, writes the configuration to it, and only then restricts read permissions to the owner.
Impact :
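A local attacker could exploit the race condition (the window between the configuration being written and its read permissions being restricted to the owner) to retrieve sensitive information such as IMAP/POP passwords.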
Workaround :
Run 'umask 077' to temporarily strengthen default permissions, then run 'fetchmailconf' from the same shell.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200511-06.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase: when `description` is set, the block below only
# registers plugin metadata and then leaves through the exit(0) at its end;
# none of the host checks after the block run in that case.
if (description)
{
# Plugin identity, revision, and the CVE / Gentoo advisory it maps to.
script_id(20156);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2005-3088");
script_xref(name:"GLSA", value:"200511-06");
script_name(english:"GLSA-200511-06 : fetchmail: Password exposure in fetchmailconf");
# The summary states the detection method: a lookup in the installed-package
# database, not a test of fetchmailconf's behaviour on the host.
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text: the configuration file is created with default permissions
# and only restricted afterwards, so its contents are readable by other local
# users during that window unless the umask is already restrictive.
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200511-06
(fetchmail: Password exposure in fetchmailconf)
Thomas Wolff discovered that fetchmailconf opens the configuration
file with default permissions, writes the configuration to it, and only
then restricts read permissions to the owner.
Impact :
A local attacker could exploit the race condition to retrieve
sensitive information like IMAP/POP passwords.
Workaround :
Run 'umask 077' to temporarily strengthen default permissions,
then run 'fetchmailconf' from the same shell."
);
# References: the upstream fetchmail advisory and the Gentoo advisory.
script_set_attribute(
attribute:"see_also",
value:"http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt"
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200511-06"
);
# Remediation: upgrade to the first fixed package revision. The same
# 6.2.5.2-r1 boundary is used by the version comparison after this block.
script_set_attribute(
attribute:"solution",
value:
"All fetchmail users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/fetchmail-6.2.5.2-r1'"
);
# CVSS v2 base vector: local access, low complexity, no authentication,
# partial confidentiality impact, no integrity or availability impact.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:fetchmail");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
# Timeline: disclosure, patch release, and plugin release dates.
script_set_attribute(attribute:"patch_publication_date", value:"2005/11/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/07");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# NOTE(review): ssh_get_info.nasl is presumably what populates the KB keys
# required below from an authenticated session - confirm against that plugin.
script_dependencies("ssh_get_info.nasl");
# The same three KB keys are tested again, one by one, after this block so
# that each missing precondition produces its own audit message.
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions: local checks must be enabled, the target must have been
# identified as Gentoo, and its installed-package list must have been
# collected. Each missing item is reported through its own audit code.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Version comparison only: net-mail/fetchmail older than 6.2.5.2-r1 is
# treated as vulnerable, that revision or newer as unaffected. Nothing here
# inspects configuration files that a vulnerable fetchmailconf already wrote,
# so a host that passes after upgrading may still hold credentials that were
# readable earlier; whether to rotate them is a decision for the operator.
is_vulnerable = qpkg_check(
  package:"net-mail/fetchmail",
  unaffected:make_list("ge 6.2.5.2-r1"),
  vulnerable:make_list("lt 6.2.5.2-r1")
);

if (!is_vulnerable)
{
  # Not flagged: tell apart "installed but not affected" from "not installed".
  checked_pkgs = qpkg_tests_get();
  if (checked_pkgs)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "fetchmail");
}
else
{
  # Flagged: raise a note-level finding; the package report is attached only
  # when report verbosity is above zero.
  if (report_verbosity > 0)
    security_note(port:0, extra:qpkg_report_get());
  else
    security_note(0);
  exit(0);
}