
usn-215-1.txt

Posted Nov 8, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 6623623dafd34401f8c96868a18ded75da8c838542b53142fe1c1ed8ae52e8fe


===========================================================
Ubuntu Security Notice USN-215-1 November 07, 2005
fetchmail vulnerability
CVE-2005-3088
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

fetchmailconf

The problem can be corrected by upgrading the affected package to
version 6.2.5-8ubuntu2.2 (for Ubuntu 4.10), 6.2.5-12ubuntu1.2 (for
Ubuntu 5.04), or 6.2.5-13ubuntu3.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Thomas Wolff and Miloslav Trmac discovered a race condition in the
fetchmailconf program. The output configuration file was initially
created with insecure permissions, and secure permissions were applied
after writing the configuration into the file. During this time, the
file was world readable on a standard system (unless the user manually
tightened his umask setting), which could expose email passwords to
local users.
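
Added example (not part of the advisory and not the fetchmailconf patch): the
write-then-chmod pattern described above next to a form that restricts the mode
before any secret is written, with the mode sampled while the data is on disk.
All function names, the sample rc line and the 022 umask are assumptions.

```python
import os
import stat
import tempfile

SAMPLE = "poll mail.example.test user alice password CONSTRUCTED\n"  # constructed

def write_then_chmod(path, data, observe=None):
    """Pattern from the advisory: create, write, tighten afterwards."""
    with open(path, "w") as f:            # new file gets 0666 & ~umask
        f.write(data)
        f.flush()
        if observe:
            observe(path)                 # secret on disk, mode still loose
    os.chmod(path, 0o600)                 # closes the window only after the fact

def write_private(path, data, observe=None):
    """Hardened form: mode is 0600 before the first byte is written."""
    flags = os.O_WRONLY | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)      # a new file is created as 0600
    try:
        os.fchmod(fd, 0o600)              # an existing file keeps its old mode: fix it
        os.ftruncate(fd, 0)               # then discard the old contents
    except OSError:
        os.close(fd)
        raise
    with os.fdopen(fd, "w") as f:
        f.write(data)
        f.flush()
        if observe:
            observe(path)

def mode_during_write(writer, existing_mode=None):
    """Return (mode seen while the secret is written, final mode)."""
    seen = []
    old_umask = os.umask(0o022)           # assumed default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "fetchmailrc")
            if existing_mode is not None:  # simulate an older, loosely protected file
                open(path, "w").close()
                os.chmod(path, existing_mode)
            writer(path, SAMPLE, observe=lambda p: seen.append(
                stat.S_IMODE(os.stat(p).st_mode)))
            final = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old_umask)
    return seen[0], final
```

Checking only the final mode hides the problem: both writers end at 0600, and
only the mode sampled during the write differs.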


Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.2.diff.gz
Size/MD5: 136476 6065936c288a0b5ce3e241fc3cf98e29
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.2.dsc
Size/MD5: 639 c711ee2923a6a4f31ed4fe684890061c
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
Size/MD5: 1257376 9956b30139edaa4f5f77c4d0dbd80225

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.2.5-8ubuntu2.2_all.deb
Size/MD5: 101584 5c4d3bd84b6a6f404dbb54cc0be4cbd6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.2_amd64.deb
Size/MD5: 555668 9a1de14c3323d91e24ec1108e05d6a99

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.2_i386.deb
Size/MD5: 546280 7472cd0c9bfd7720a35af726865d23d3

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.2_powerpc.deb
Size/MD5: 556084 58ea16a77d08f2fbd721ecdae122539a

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.2.diff.gz
Size/MD5: 150532 5407f7b7f814dbcb9d0c6c28d01f70f8
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.2.dsc
Size/MD5: 656 f1a4cab136fc5d2455d5ddec6dfb3e2a
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
Size/MD5: 1257376 9956b30139edaa4f5f77c4d0dbd80225

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmail-ssl_6.2.5-12ubuntu1.2_all.deb
Size/MD5: 42350 90a3bb16d09d454321014010b4e6b4da
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.2.5-12ubuntu1.2_all.deb
Size/MD5: 101404 36148260f291326228eaff1185b7133c

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.2_amd64.deb
Size/MD5: 296894 501b55647d5a7b527d1b11fa8454d7ed

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.2_i386.deb
Size/MD5: 286176 5e35d166c8a76ba3b20af6d33a2f5dd4

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.2_powerpc.deb
Size/MD5: 296206 c4c08a4fef2ccb91dd92407f9d714f83

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.1.diff.gz
Size/MD5: 130825 fc5ccdf6aaa875444f0852a62751f394
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.1.dsc
Size/MD5: 830 4374876640b93de50c1ab3260ea57e46
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
Size/MD5: 1257376 9956b30139edaa4f5f77c4d0dbd80225

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmail-ssl_6.2.5-13ubuntu3.1_all.deb
Size/MD5: 42852 da929363e6e3801da2801f32f0c6a2be
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.2.5-13ubuntu3.1_all.deb
Size/MD5: 101896 492477d857965f8d407b7c08de72380e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.1_amd64.deb
Size/MD5: 299390 da9c9b6ee9b0e2bb066e5b192a712e36

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.1_i386.deb
Size/MD5: 286168 a9dc5d11bd82299bf2ed67698bf54ca3

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.1_powerpc.deb
Size/MD5: 297094 b5a21f405eb3aa4f0cc94f5f7280710e
