Lucene search
RedHatRHSA-2005:823HistoryOct 26, 2005 - 12:00 a.m.
(RHSA-2005:823) fetchmail security update
2005-10-2600:00:00
access.redhat.com
9
EPSS
0.001
Percentile
36.7%
Fetchmail is a remote mail retrieval and forwarding utility.
A bug was found in the way the fetchmailconf utility program writes
configuration files. The default behavior of fetchmailconf is to write a
configuration file which may be world readable for a short period of time.
This configuration file could provide passwords to a local malicious
attacker within the short window before fetchmailconf sets secure
permissions. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3088 to this issue.
Users of fetchmail are advised to upgrade to these updated packages, which
contain a backported patch which resolves this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 2 | i386 | fetchmailconf | < 5.9.0-21.7.3.el2.1.2 | fetchmailconf-5.9.0-21.7.3.el2.1.2.i386.rpm |
| RedHat | 2 | i386 | fetchmail | < 5.9.0-21.7.3.el2.1.2 | fetchmail-5.9.0-21.7.3.el2.1.2.i386.rpm |
| RedHat | 2 | ia64 | fetchmail | < 5.9.0-21.7.3.el2.1.2 | fetchmail-5.9.0-21.7.3.el2.1.2.ia64.rpm |
| RedHat | 2 | ia64 | fetchmailconf | < 5.9.0-21.7.3.el2.1.2 | fetchmailconf-5.9.0-21.7.3.el2.1.2.ia64.rpm |
Related
openvas
openvas
Debian: Security Advisory (DSA-900-3)
2008-01-17 00:00:00
Debian Security Advisory DSA 900-1 (fetchmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 900-2 (fetchmail)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2005-3088
2005-10-27 00:00:00
nessus
nessus
FreeBSD : fetchmail -- fetchmailconf local password exposure (baf74e0b-497a-11da-a4f4-0060084a00e5)
2006-05-13 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : fetchmail vulnerability (USN-215-1)
2006-01-15 00:00:00
RHEL 2.1 : fetchmail (RHSA-2005:823)
2005-10-28 00:00:00
ubuntu
ubuntu
fetchmailconf vulnerability
2005-11-08 00:00:00
debian
debian
freebsd
freebsd
fetchmail -- fetchmailconf local password exposure
2005-10-21 00:00:00
cvelist
cvelist
CVE-2005-3088
2005-10-27 04:00:00
nvd
nvd
CVE-2005-3088
2005-10-27 10:02:00
debiancve
debiancve
CVE-2005-3088
2005-10-27 10:02:00
centos
centos
fetchmail, fetchmailconf security update
2005-10-28 03:32:26
securityvulns
securityvulns
fetchmail security announcement 2005-02 (CVE-2005-3088)
2005-10-28 00:00:00
gentoo
gentoo
fetchmail: Password exposure in fetchmailconf
2005-11-06 00:00:00
cve
cve
CVE-2005-3088
2005-10-27 10:02:00
slackware
slackware
[slackware-security] fetchmail
2006-02-15 00:26:01