CVE-2005-3088

Related Files

Debian Linux Security Advisory 900-1

Posted Nov 20, 2005

Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 900-1 - Thomas Wolff discovered that the fetchmailconfig program which is provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, creates the new configuration in an insecure fashion that can lead to leaking passwords for mail accounts to local users.

tags | advisory, local, imap

systems | linux, debian

advisories | CVE-2005-3088

SHA-256 | 1fab93074bcf0d6c1ff84696b4f9e765f5d00b58003a806527e17411b3e97f72

Download | Favorite | View

Ubuntu Security Notice 215-1

Posted Nov 12, 2005

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.

tags | advisory, local

systems | linux, ubuntu

advisories | CVE-2005-3088

SHA-256 | 6623623dafd34401f8c96868a18ded75da8c838542b53142fe1c1ed8ae52e8fe

Download | Favorite | View

fetchmail-SA-2005-02.txt

Posted Oct 30, 2005

Authored by Matthias Andree

Fetchmail version 1.02 suffers from a password disclosure vulnerability where the configuration file stores the password in clear text prior to setting the proper permissions.

tags | advisory

advisories | CVE-2005-3088

SHA-256 | cb466b5def2824910541b860561776367b2d03a1c01eaedb55b9fe90779e4adb

Download | Favorite | View