CVE-2005-3088

Published: 27/10/2005 Updated: 03/10/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

fetchmailconf prior to 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.

Vulnerable Product

fetchmail fetchmail 6.2.5

fetchmail fetchmail 6.2.5.2

fetchmail fetchmail 6.2.0

Vendor Advisories

Synopsis: fetchmail security update. Type/Severity: Security Advisory: Low. Topic: Updated fetchmail packages that fix insecure configuration file creation are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Description: Fetchmail is a re ...
Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tight ...
Debian Bug report logs - #336096: [sarge] CVE-2005-3088 - password exposure in fetchmailconf. Package: fetchmail; Maintainer for fetchmail is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for fetchmail is src:fetchmail. Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Thu, 27 Oct 2005 19: ...
Debian Bug report logs - #343836: (CVE-2005-4348) Security: DoS attack possible - crashes on empty message. Package: fetchmail; Maintainer for fetchmail is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for fetchmail is src:fetchmail. Reported by: Steve Fosdick <dbugs@pelvoux.nildram.co.uk>. Date ...
Due to restrictive dependency definition for fetchmail-ssl the updated fetchmailconf package couldn't be installed on the old stable distribution (woody) together with fetchmail-ssl. Hence, this update loosens it, so that the update can be pulled in. For completeness we're including the original advisory text: Thomas Wolff discovered that the ...
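
The race described in the advisory text above (configuration file created with default permissions, tightened only after the password has been written) next to a form that has no such window, as an added example that is not fetchmailconf's own code or its actual fix. Function names, file names and the sample rc line are constructed; POSIX file modes and a umask of 022 are assumed.

```python
import os
import stat
import tempfile

SAMPLE_RC = 'poll mail.example.org user "alice" password "constructed-secret"\n'  # constructed

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def write_racy(path, data, observe=None):
    # Pattern from the advisory: create and write first, tighten afterwards.
    with open(path, "w") as f:          # mode is 0666 & ~umask, typically 0644
        f.write(data)
    if observe:
        observe(mode_of(path))          # window: secret on disk, mode still loose
    os.chmod(path, 0o600)

def write_private(path, data, observe=None):
    # Hardened form: the data never exists on disk under a mode looser than 0600.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".rc-")  # O_EXCL, mode 0600
    try:
        with os.fdopen(fd, "w") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        if observe:
            observe(mode_of(tmp))
        os.replace(tmp, path)           # atomic; also replaces a pre-existing loose file
    except BaseException:
        os.unlink(tmp)
        raise

def demo():
    seen = {}
    old_umask = os.umask(0o022)         # common default umask (assumption)
    try:
        with tempfile.TemporaryDirectory() as d:
            racy, private = os.path.join(d, "racy.rc"), os.path.join(d, "private.rc")
            open(private, "w").close()  # pre-existing 0644 file to be replaced
            write_racy(racy, SAMPLE_RC, lambda m: seen.update(racy_window=m))
            write_private(private, SAMPLE_RC, lambda m: seen.update(private_window=m))
            seen.update(racy_final=mode_of(racy), private_final=mode_of(private))
    finally:
        os.umask(old_umask)
    return seen

if __name__ == "__main__":
    print({k: oct(v) for k, v in demo().items()})
```

Both files end at 0600, so checking the final mode alone does not distinguish the two patterns; only the mode observed between write and chmod does.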