Fetchmail is a remote mail retrieval and forwarding utility.
A bug was found in the way the fetchmailconf utility program writes
configuration files. The default behavior of fetchmailconf is to write a
configuration file which may be world readable for a short period of time.
This configuration file could provide passwords to a local malicious
attacker within the short window before fetchmailconf sets secure
permissions. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3088 to this issue.
Users of fetchmail are advised to upgrade to these updated packages, which
contain a backported patch which resolves this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 2 | i386 | fetchmailconf | < 5.9.0-21.7.3.el2.1.2 | fetchmailconf-5.9.0-21.7.3.el2.1.2.i386.rpm |
RedHat | 2 | i386 | fetchmail | < 5.9.0-21.7.3.el2.1.2 | fetchmail-5.9.0-21.7.3.el2.1.2.i386.rpm |
RedHat | 2 | ia64 | fetchmail | < 5.9.0-21.7.3.el2.1.2 | fetchmail-5.9.0-21.7.3.el2.1.2.ia64.rpm |
RedHat | 2 | ia64 | fetchmailconf | < 5.9.0-21.7.3.el2.1.2 | fetchmailconf-5.9.0-21.7.3.el2.1.2.ia64.rpm |