GLSA-200511-06 : fetchmail: Password exposure in fetchmailconf

2005-11-07T00:00:00
ID GENTOO_GLSA-200511-06.NASL
Type nessus
Reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
Modified 2020-06-02T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-200511-06 (fetchmail: Password exposure in fetchmailconf)

Thomas Wolff discovered that fetchmailconf opens the configuration
file with default permissions, writes the configuration to it, and only
then restricts read permissions to the owner.

Impact :

A local attacker could exploit the race condition to retrieve
sensitive information like IMAP/POP passwords.

Workaround :

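Run 'umask 077' to temporarily strengthen default permissions, then run 'fetchmailconf' from the same shell.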

                                        
                                            #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200511-06.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

# Registration pass: when the scanner sets `description`, the script only
# declares its metadata (id, references, advisory text, requirements) and then
# exits; the package check further down the file does not run in this pass.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(20156);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  # Cross-references used to correlate a finding with the CVE and the Gentoo advisory.
  script_cve_id("CVE-2005-3088");
  script_xref(name:"GLSA", value:"200511-06");

  script_name(english:"GLSA-200511-06 : fetchmail: Password exposure in fetchmailconf");
  # The check is a package-version comparison; it does not inspect the
  # permissions or contents of any configuration file on the host.
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  # Advisory text: the configuration file is created with default permissions
  # and only restricted to the owner after the contents have been written, so
  # the credentials are readable by other local users in between. The
  # workaround (umask 077) closes that window by making the file owner-only
  # from the moment it is created.
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200511-06
(fetchmail: Password exposure in fetchmailconf)

    Thomas Wolff discovered that fetchmailconf opens the configuration
    file with default permissions, writes the configuration to it, and only
    then restricts read permissions to the owner.
  
Impact :

    A local attacker could exploit the race condition to retrieve
    sensitive information like IMAP/POP passwords.
  
Workaround :

    Run 'umask 077' to temporarily strengthen default permissions,
    then run 'fetchmailconf' from the same shell."
  );
  # Upstream fetchmail advisory and the Gentoo GLSA page.
  script_set_attribute(
    attribute:"see_also",
    value:"http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200511-06"
  );
  # Remediation: the fixed package version named here is the same threshold
  # the qpkg_check() call at the end of the file tests against.
  script_set_attribute(
    attribute:"solution", 
    value:
"All fetchmail users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-mail/fetchmail-6.2.5.2-r1'"
  );
  # CVSS v2 base vector: local access (AV:L), low complexity (AC:L), no
  # authentication (Au:N), partial confidentiality impact (C:P), no integrity
  # or availability impact (I:N/A:N).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");

  # "local" plugin type: the result is derived from data collected on the
  # host itself (see the required KB keys below), not from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:fetchmail");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  # Timeline: disclosure, patch release, and plugin release dates.
  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/07");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  # Prerequisites: the plugin is only scheduled when these KB keys exist.
  # NOTE(review): presumably ssh_get_info.nasl is what populates the Host/*
  # keys from an authenticated session; confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  # Stop here so that nothing below runs during the registration pass.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions for a meaningful result. Each audit() call reports why the
# check could not be performed, so a host that was never inspected is not
# confused with one that was inspected and found unaffected.

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The host must have been identified as Gentoo.
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}

# The installed-package list must have been collected.
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Compare the installed net-mail/fetchmail version against the fixed release.
# Versions below 6.2.5.2-r1 are treated as vulnerable; that version and later
# are unaffected.
#
# This is a version comparison only: a match means the installed package
# predates the fix. It does not show whether a configuration file written by
# fetchmailconf was ever read by another local user, so credentials stored
# while the vulnerable version was in use may still need to be reviewed after
# upgrading.
is_affected = qpkg_check(
  package:"net-mail/fetchmail",
  unaffected:make_list("ge 6.2.5.2-r1"),
  vulnerable:make_list("lt 6.2.5.2-r1")
);

if (is_affected)
{
  # Report the finding; include the package report when verbosity allows it.
  if (report_verbosity > 0)
  {
    security_note(port:0, extra:qpkg_report_get());
  }
  else
  {
    security_note(0);
  }
  exit(0);
}
else
{
  # Not vulnerable: distinguish "installed and already fixed" from
  # "package not installed at all".
  checked = qpkg_tests_get();
  if (checked)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "fetchmail");
  }
}