CVE-2005-3088 — Sensitive Information Exposure in Fetchmail

CWE-200 — Sensitive Information Exposure8 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 74.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fetchmail Debian Fetchmail

Timeline

PublishedOct 27

Latest updateMay 1

Description

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/fetchmail< fetchmail 6.2.5.4-1 (bookworm)

▶Debianfetchmail/fetchmail< 6.2.5.4-1+2

▶NVDfetchmail/fetchmail6.2.0, 6.2.5, 6.2.5.2+2

Patches

Patch: fetchmail.berlios.de ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-78m6-w6r4-m4h9: fetchmailconf before 1↗2022-05-01

▶

OSV

CVE-2005-3088: fetchmailconf before 1↗2005-10-27

▶

📋Vendor Advisories

Ubuntu

fetchmailconf vulnerability↗2005-11-08

▶

Red Hat

security flaw↗2005-10-21

▶

Debian

CVE-2005-3088: fetchmail - fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configur...↗2005

▶

💬Community

Bugzilla

CVE-2005-3088 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-3088 fetchmailconf insecure configuration file↗2005-10-21

▶