FreeBSD : fetchmail -- fetchmailconf local password exposure (baf74e0b-497a-11da-a4f4-0060084a00e5)
Low Nessus Plugin ID 21503
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The fetchmail team reports:
The fetchmailconf program before and excluding version 1.49 opened the run control file, wrote the configuration to it, and only then changed the mode to 0600 (rw-------). Writing the file, which usually contains passwords, before making it unreadable to other users, can expose sensitive password information.
Solution
Update the affected package.
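
The ordering problem in the description, shown as an added Python example (not fetchmailconf's code and not the project's actual fix): `write_rc_racy` reproduces the write-then-chmod sequence, and `write_rc_safe` restricts the mode to 0600 before any data is written. The function names, the sample run control line and the temporary-file-plus-rename approach are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample run control content; not taken from any real configuration.
SAMPLE_RC = 'poll mail.example.org user "alice" password "constructed-secret"\n'

def write_rc_racy(path, text):
    """Sequence from the description: create, write, and only then chmod."""
    with open(path, "w") as fh:          # created as 0666 & ~umask, often 0644
        fh.write(text)
        fh.flush()
        mode_while_written = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
    os.chmod(path, 0o600)                # too late: the data was already readable
    return mode_while_written

def write_rc_safe(path, text):
    """Set mode 0600 before writing secrets, then rename into place."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".rc-")  # O_EXCL, mode 0600
    try:
        os.fchmod(fd, 0o600)             # explicit, independent of the umask
        mode_before_write = stat.S_IMODE(os.fstat(fd).st_mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)            # atomic; replaces an older loose-mode file
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return mode_before_write

def demo():
    """Return (mode during racy write, mode before safe write, final safe mode)."""
    old_umask = os.umask(0o022)          # a typical default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_rc_racy(os.path.join(d, "racy"), SAMPLE_RC)
            target = os.path.join(d, "safe")
            safe = write_rc_safe(target, SAMPLE_RC)
            final = stat.S_IMODE(os.stat(target).st_mode)
            return racy, safe, final
    finally:
        os.umask(old_umask)
```

To check an existing host after updating, confirm that the run control file is owned by the user and has mode 0600.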