CVE-2005-3088
fetchmail 6.2.0, 6.2.5, 6.2.5.2 - Exposure of Sensitive Information via Insecure Configuration File Permissions
Title source: llmDescription
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
References (24)
Core 24
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2182
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20267
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17293
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17349
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17446
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3101
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015114
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21253
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19289
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113042785902031&w=2
Patch, Vendor Advisory x_refsource_confirm
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-900
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15179
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-823.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17495
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/215-1/
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:209
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17491
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18895
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17631
Scores
EPSS
0.0045
EPSS Percentile
36.3%
Details
CWE
CWE-200
Status
published
Products (3)
fetchmail/fetchmail
6.2.0
fetchmail/fetchmail
6.2.5
fetchmail/fetchmail
6.2.5.2
Published
Oct 27, 2005
Tracked Since
Feb 18, 2026