RHEL 2.1 : fetchmail (RHSA-2005:823)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated fetchmail packages that fix insecure configuration file
creation are now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

Fetchmail is a remote mail retrieval and forwarding utility.

A bug was found in the way the fetchmailconf utility program writes
configuration files. The default behavior of fetchmailconf is to write
a configuration file which may be world readable for a short period of
time. This configuration file could provide passwords to a local
malicious attacker within the short window before fetchmailconf sets
secure permissions. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3088 to this issue.
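
The write-then-restrict pattern described above, next to one common way to close such a window, as an added example (not fetchmailconf's code and not the Red Hat patch). The function names, file names and sample configuration line are constructed for illustration; a POSIX system is assumed.

```python
import os
import stat
import tempfile

# Constructed sample content; not a real account or host.
SAMPLE_RC = 'poll mail.example.invalid user "alice" password "constructed-secret"\n'

def write_then_chmod(path, data):
    """Racy pattern: the file carries the umask-derived mode until chmod runs."""
    with open(path, "w") as fh:
        fh.write(data)
        # Mode other local users would see while the secret is already on disk.
        mode_during_write = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
    os.chmod(path, 0o600)  # permissions tightened only after the fact
    return mode_during_write

def write_private(path, data):
    """Create a 0600 temp file in the target directory, then rename into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created 0600
    try:
        with os.fdopen(fd, "w") as fh:
            mode_during_write = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
            fh.write(data)
        os.replace(tmp, path)  # atomic on POSIX; final file is never wider than 0600
    except BaseException:
        os.unlink(tmp)
        raise
    return mode_during_write

def compare(umask=0o022):
    """Write the sample with both patterns and report the mode seen mid-write."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_then_chmod(os.path.join(d, "racy.rc"), SAMPLE_RC)
            safe = write_private(os.path.join(d, "safe.rc"), SAMPLE_RC)
            final = stat.S_IMODE(os.stat(os.path.join(d, "safe.rc")).st_mode)
    finally:
        os.umask(old)
    return {
        "racy_mode_during_write": racy,
        "racy_exposed": bool(racy & stat.S_IROTH),
        "safe_mode_during_write": safe,
        "safe_exposed": bool(safe & stat.S_IROTH),
        "safe_final_mode": final,
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, oct(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

Whether the racy variant is exposed depends on the caller's umask: with a umask of 077 both variants create the file as 0600, which is why the wording above is "may be world readable".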

Users of fetchmail are advised to upgrade to these updated packages,
which contain a backported patch that resolves this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-3088.html
http://rhn.redhat.com/errata/RHSA-2005-823.html

Solution :

Update the affected fetchmail and / or fetchmailconf packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 20106

Bugtraq ID:

CVE ID: CVE-2005-3088