Lucene search
FreeBSDBAF74E0B-497A-11DA-A4F4-0060084A00E5HistoryOct 21, 2005 - 12:00 a.m.
fetchmail -- fetchmailconf local password exposure
2005-10-2100:00:00
vuxml.freebsd.org
9
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
36.1%
The fetchmail team reports:
The fetchmailconf program before and excluding version
1.49 opened the run control file, wrote the configuration
to it, and only then changed the mode to 0600 (rw-------).
Writing the file, which usually contains passwords, before
making it unreadable to other users, can expose sensitive
password information.
Related
debian
debian
openvas
openvas
Debian Security Advisory DSA 900-2 (fetchmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 900-1 (fetchmail)
2008-01-17 00:00:00
FreeBSD Ports: fetchmail
2008-09-04 00:00:00
ubuntu
ubuntu
fetchmailconf vulnerability
2005-11-08 00:00:00
nessus
nessus
GLSA-200511-06 : fetchmail: Password exposure in fetchmailconf
2005-11-07 00:00:00
Debian DSA-900-3 : fetchmail - programming error
2006-10-14 00:00:00
cve
cve
CVE-2005-3088
2005-10-27 10:02:00
ubuntucve
ubuntucve
CVE-2005-3088
2005-10-27 00:00:00
redhat
redhat
(RHSA-2005:823) fetchmail security update
2005-10-26 00:00:00
securityvulns
securityvulns
fetchmail security announcement 2005-02 (CVE-2005-3088)
2005-10-28 00:00:00
debiancve
debiancve
CVE-2005-3088
2005-10-27 10:02:00
gentoo
gentoo
fetchmail: Password exposure in fetchmailconf
2005-11-06 00:00:00
centos
centos
fetchmail, fetchmailconf security update
2005-10-28 03:32:26
slackware
slackware
[slackware-security] fetchmail
2006-02-15 00:26:01
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
36.1%
Related for BAF74E0B-497A-11DA-A4F4-0060084A00E5