This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
Thomas Wolff and Miloslav Trmac discovered a race condition in the
fetchmailconf program. fetchmailconf would create the initial output
configuration file with insecure permissions and only after writing
would it change permissions to be more restrictive. During that time,
passwords and other data could be exposed to other users on the system
unless the user used a more restrictive umask setting.
As well, the Mandriva Linux 2006 packages did not contain the patch
that corrected the issues fixed in MDKSA-2005:126, namely a buffer
overflow in fetchmail's POP3 client (CVE-2005-2355).
The updated packages have been patched to address this issue, and the
Mandriva 2006 packages have also been patched to correct
Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf
Risk factor :
Medium / CVSS Base Score : 5.0