RHEL 2.1 : fetchmail (RHSA-2005:823)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated fetchmail packages that fix insecure configuration file
creation are now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

Fetchmail is a remote mail retrieval and forwarding utility.

A bug was found in the way the fetchmailconf utility program writes
configuration files. The default behavior of fetchmailconf is to write
a configuration file which may be world readable for a short period of
time. This configuration file could provide passwords to a local
malicious attacker within the short window before fetchmailconf sets
secure permissions. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3088 to this issue.

Users of fetchmail are advised to upgrade to these updated packages,
which contain a backported patch which resolves this issue.
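
The write-then-restrict pattern described above, shown next to a version that creates the file with owner-only permissions from the start. This is an added illustration in Python, not fetchmailconf's code or the Red Hat patch; the function names and the sample configuration line are constructed.

```python
import os
import stat
import tempfile

# Constructed sample configuration line, not taken from a real system.
SAMPLE_RC = 'poll mail.example.org user "alice" password "constructed-secret"\n'

def _mode(fd):
    return stat.S_IMODE(os.fstat(fd).st_mode)

def write_then_chmod(path, text):
    """Racy pattern: create with default permissions, restrict afterwards.
    Returns the mode the file had while it already held the secret."""
    with open(path, "w") as f:            # created as 0o666 & ~umask
        f.write(text)
        f.flush()
        window_mode = _mode(f.fileno())   # what other local users see now
    os.chmod(path, 0o600)                 # too late: the window already existed
    return window_mode

def write_private(path, text):
    """Hardened pattern: the file is 0600 from the moment it is created.
    mkstemp() uses O_CREAT|O_EXCL with mode 0600; os.replace() is atomic."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".rc-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(text)
            f.flush()
            window_mode = _mode(f.fileno())
        os.replace(tmp, path)             # swap in over any existing file
    except BaseException:
        os.unlink(tmp)
        raise
    return window_mode

def demo():
    """Run both writers under a typical umask of 022 and report the modes."""
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            racy, safe = os.path.join(d, "racy.rc"), os.path.join(d, "safe.rc")
            out = {"racy_window": write_then_chmod(racy, SAMPLE_RC),
                   "safe_window": write_private(safe, SAMPLE_RC)}
            out["racy_final"] = stat.S_IMODE(os.stat(racy).st_mode)
            out["safe_final"] = stat.S_IMODE(os.stat(safe).st_mode)
            return out
    finally:
        os.umask(old)
```

Both files end up 0600, so checking permissions after the fact does not distinguish the two patterns; only the mode at creation time does.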

Solution :

Update the affected fetchmail and / or fetchmailconf packages.

Risk factor :

Low / CVSS Base Score : 2.1

Family: Red Hat Local Security Checks

Nessus Plugin ID: 20106

CVE ID: CVE-2005-3088