CVE-2005-3088
CVSS 2.1
Published: 2005-10-27 06:02:00
Revised: 2016-10-17 23:32:46

[Original] fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.


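[CNNVD] fetchmail password disclosure vulnerability (CNNVD-200510-230)

        fetchmail is a software package that retrieves mail from remote POP2, POP3, IMAP, ETRN or ODMR servers and forwards it to local SMTP or LMTP servers or message delivery agents.
        The way the fetchmailconf utility writes its configuration file is flawed, and a local attacker may exploit this to obtain access passwords.
        By default, fetchmailconf writes out a configuration file that is world-readable for a short time. Until fetchmailconf sets secure permissions, this brief window may expose the passwords in the configuration file to a malicious local attacker.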

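- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [exploitation has no access restrictions]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]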

- CWE (weakness category)

CWE-200 [Information Exposure]

- CPE (affected platforms and products)

cpe:/a:fetchmail:fetchmail:6.2.5 Fetchmail 6.2.5
cpe:/a:fetchmail:fetchmail:6.2.0 Fetchmail 6.2.0
cpe:/a:fetchmail:fetchmail:6.2.5.2 Fetchmail 6.2.5.2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3088
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-230
(Official data source) CNNVD

- Other links and resources

http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
(VENDOR_ADVISORY)  CONFIRM  http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2006-08-01
http://marc.info/?l=bugtraq&m=113042785902031&w=2
(UNKNOWN)  BUGTRAQ  20051027 fetchmail security announcement 2005-02 (CVE-2005-3088)
http://securitytracker.com/id?1015114
(UNKNOWN)  SECTRACK  1015114
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499
(UNKNOWN)  SLACKWARE  SSA:2006-045-01
http://www.debian.org/security/2005/dsa-900
(UNKNOWN)  DEBIAN  DSA-900
http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml
(UNKNOWN)  GENTOO  GLSA-200511-06
http://www.mandriva.com/security/advisories?name=MDKSA-2005:209
(UNKNOWN)  MANDRIVA  MDKSA-2005:209
http://www.redhat.com/support/errata/RHSA-2005-823.html
(UNKNOWN)  REDHAT  RHSA-2005:823
http://www.securityfocus.com/bid/15179
(PATCH)  BID  15179
http://www.securityfocus.com/bid/19289
(UNKNOWN)  BID  19289
http://www.ubuntulinux.org/support/documentation/usn/usn-215-1
(UNKNOWN)  UBUNTU  USN-215-1
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
(UNKNOWN)  CERT  TA06-214A
http://www.vupen.com/english/advisories/2005/2182
(UNKNOWN)  VUPEN  ADV-2005-2182
http://www.vupen.com/english/advisories/2006/3101
(UNKNOWN)  VUPEN  ADV-2006-3101

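- Vulnerability information

fetchmail password disclosure vulnerability
Low risk, race condition
2005-10-27 00:00:00 2005-10-31 00:00:00
Local
        fetchmail is a software package that retrieves mail from remote POP2, POP3, IMAP, ETRN or ODMR servers and forwards it to local SMTP or LMTP servers or message delivery agents.
        The way the fetchmailconf utility writes its configuration file is flawed, and a local attacker may exploit this to obtain access passwords.
        By default, fetchmailconf writes out a configuration file that is world-readable for a short time. Until fetchmailconf sets secure permissions, this brief window may expose the passwords in the configuration file to a malicious local attacker.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download links: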
        http://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=661
        https://developer.berlios.de/project/showfiles.php?group_id=1824

- Vulnerability information (F41693)

Debian Linux Security Advisory 900-1 (PacketStormID:F41693)
2005-11-20 00:00:00
Debian  security.debian.org
advisory,local,imap
linux,debian
CVE-2005-3088

Debian Security Advisory DSA 900-1 - Thomas Wolff discovered that the fetchmailconfig program which is provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, creates the new configuration in an insecure fashion that can lead to leaking passwords for mail accounts to local users.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 900-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 18th, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : fetchmail
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2005-3088
Debian Bug     : 336096

Thomas Wolff discovered that the fetchmailconfig program which is
provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail
gatherer/forwarder, creates the new configuration in an insecure
fashion that can lead to leaking passwords for mail accounts to local
users.

This update also fixes a regression in the package for stable caused
by the last security update.

For the old stable distribution (woody) this problem has been fixed in
version 5.9.11-6.3.

For the stable distribution (sarge) this problem has been fixed in
version 6.2.5-12sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 6.2.5.4-1.

We recommend that you upgrade your fetchmail package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDfYj5W5ql+IAeqTIRAgd9AKChPUCW7viEQ8S2oKtjZ8FJsH+iDACcCuJq
OSQ+r87pirdKIO/HM36zlRI=
=lCPL
-----END PGP SIGNATURE-----

    

- Vulnerability information (F41483)

Ubuntu Security Notice 215-1 (PacketStormID:F41483)
2005-11-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,local
linux,ubuntu
CVE-2005-3088

Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.

===========================================================
Ubuntu Security Notice USN-215-1	  November 07, 2005
fetchmail vulnerability
CVE-2005-3088
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

fetchmailconf

The problem can be corrected by upgrading the affected package to
version 6.2.5-8ubuntu2.2 (for Ubuntu 4.10), 6.2.5-12ubuntu1.2 (for
Ubuntu 5.04), or 6.2.5-13ubuntu3.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Thomas Wolff and Miloslav Trmac discovered a race condition in the
fetchmailconf program. The output configuration file was initially
created with insecure permissions, and secure permissions were applied
after writing the configuration into the file. During this time, the
file was world readable on a standard system (unless the user manually
tightened his umask setting), which could expose email passwords to
local users.


Updated packages for Ubuntu 4.10:


Updated packages for Ubuntu 5.04:


Updated packages for Ubuntu 5.10:


- Vulnerability information (F41048)

fetchmail-SA-2005-02.txt (PacketStormID:F41048)
2005-10-30 00:00:00
Matthias Andree  
advisory
CVE-2005-3088

Fetchmail version 1.02 suffers from a password disclosure vulnerability where the configuration file stores the password in clear text prior to setting the proper permissions.

fetchmail-SA-2005-02: security announcement

Topic:		password exposure in fetchmailconf

Author:		Matthias Andree
Version:	1.02
Announced:	2005-10-21
Type:		insecure creation of file
Impact:		passwords are written to a world-readable file
Danger:		medium
Credits:	Thomas Wolff, Miloslav Trmac for pointing out
		that fetchmailconf 1.43.1 was also flawed
CVE Name:	CVE-2005-3088
URL:		http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt

Affects:	fetchmail version 6.2.5.2
		fetchmail version 6.2.5
		fetchmail version 6.2.0
		fetchmailconf 1.43   (shipped with 6.2.0, 6.2.5 and 6.2.5.2)
		fetchmailconf 1.43.1 (shipped separately, now withdrawn)
		(other versions have not been checked but are presumed affected)

Not affected:	fetchmail 6.2.9-rc6
		fetchmailconf 1.43.2 (use this for fetchmail-6.2.5.2)
		fetchmailconf 1.49   (shipped with 6.2.9-rc6)
		fetchmail 6.3.0      (not released yet)

Corrected:	2005-09-28 01:14 UTC (SVN) - committed bugfix (r4351)
		2005-10-21                 - released fetchmailconf-1.43.2
		2005-10-21                 - released fetchmail 6.2.9-rc6

0. Release history
==================

2005-10-21	1.00 - initial version (shipped with -rc6)
2005-10-21	1.01 - marked 1.43.1 vulnerable
		     - revised section 4
		     - added Credits
2005-10-27	1.02 - reformatted section 0
		     - updated CVE Name to new naming scheme

1. Background
=============

fetchmail is a software package to retrieve mail from remote POP2, POP3,
IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
message delivery agents.

fetchmail ships with a graphical, Python/Tkinter based configuration
utility named "fetchmailconf" to help the user create configuration (run
control) files for fetchmail.

2. Problem description and Impact
=================================

The fetchmailconf program before and excluding version 1.49 opened the
run control file, wrote the configuration to it, and only then changed
the mode to 0600 (rw-------). Writing the file, which usually contains
passwords, before making it unreadable to other users, can expose
sensitive password information.

3. Workaround
=============

Run "umask 077", then run "fetchmailconf" from the same shell. After
fetchmailconf has finished, you can restore your old umask.

4. Solution
===========

For users of fetchmail-6.2.5.2:
-------------------------------
Download fetchmailconf-1.43.2.gz from fetchmail's project site
<http://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=6617>,
gunzip it, then replace your existing fetchmailconf with it.

For users of fetchmail-6.2.6* or 6.2.9* before 6.2.9-rc6:
---------------------------------------------------------
update to the latest fetchmail-devel package, 6.2.9-rc6 on 2005-10-21.
<https://developer.berlios.de/project/showfiles.php?group_id=1824>

A. References
=============

fetchmail home page: <http://fetchmail.berlios.de/>

B. Copyright, License and Warranty
==================================

(C) Copyright 2005 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.

This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs German License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
or send a letter to Creative Commons; 559 Nathan Abbott Way;
Stanford, California 94305; USA.

THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.

END OF fetchmail-SA-2005-02.txt
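
The ordering problem from section 2 of the advisory above and the umask workaround from section 3, as an added Python example. It is not fetchmailconf's code and not the project's patch; the function names, file names and the sample run-control line are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample run-control content; host, user and password are made up.
SAMPLE_RC = 'poll mail.example.org protocol pop3 user "alice" password "constructed-secret"\n'


def _mode(path):
    """Return the permission bits of path (e.g. 0o644)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def write_then_chmod(path, text):
    """Ordering described in section 2: create, write, and only then chmod 0600.

    Returns the mode the file had while it already contained the secret.
    """
    with open(path, "w") as f:          # created as 0666 & ~umask
        f.write(text)
        f.flush()
        exposed_mode = _mode(path)      # what other local users could rely on now
    os.chmod(path, 0o600)               # tightened only after the secret was on disk
    return exposed_mode


def create_private_then_write(path, text):
    """Hardened ordering: the file is 0600 before the first byte is written."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # The mode passed with O_CREAT is ignored when the file already exists,
        # so tighten a pre-existing file explicitly before writing the secret.
        os.fchmod(fd, 0o600)
        mode_before_write = stat.S_IMODE(os.fstat(fd).st_mode)
        with os.fdopen(fd, "w") as f:
            fd = None                   # the file object now owns the descriptor
            f.write(text)
    finally:
        if fd is not None:
            os.close(fd)
    return mode_before_write


def demo(umask_value):
    """Run both writers under the given umask and return the observed modes."""
    old = os.umask(umask_value)
    try:
        with tempfile.TemporaryDirectory() as d:
            a = os.path.join(d, "insecure.fetchmailrc")
            b = os.path.join(d, "secure.fetchmailrc")
            c = os.path.join(d, "preexisting.fetchmailrc")
            exposed = write_then_chmod(a, SAMPLE_RC)
            private = create_private_then_write(b, SAMPLE_RC)
            # Edge case: a file left world-readable by an earlier run.
            open(c, "w").close()
            os.chmod(c, 0o644)
            retightened = create_private_then_write(c, SAMPLE_RC)
            return {
                "write_then_chmod_window": exposed,
                "write_then_chmod_final": _mode(a),
                "create_private": private,
                "create_private_preexisting": retightened,
            }
    finally:
        os.umask(old)


if __name__ == "__main__":
    # 0o022 is a common default umask; 0o077 is the advisory's workaround.
    for um in (0o022, 0o077):
        print(oct(um), {k: oct(v) for k, v in demo(um).items()})
```

Under umask 022 the first writer leaves the file at mode 0644 while it holds the password; under umask 077 the same code never exposes it, which is why the workaround in section 3 is effective.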
    

- Vulnerability information

20267
Fetchmail fetchmailconf Race Condition Password Disclosure
Local Access Required Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability description

Fetchmail contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plain text passwords when the fetchmailconf utility is used to create a configuration. The utility writes the configuration file before restricting access to other users, which may lead to a loss of confidentiality.

- Timeline

2005-10-21 Unknown
2005-10-21 Unknown

- Solution

Upgrade to version 6.2.5.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Fetchmail's FetchmailConf Utility Local Information Disclosure Vulnerability
Race Condition Error 15179
No Yes
2005-10-24 12:00:00 2007-02-08 05:38:00
Thomas Wolff and Miloslav Trmac are credited with the discovery of this issue.

- Affected software versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
TransSoft Broker FTP Server 8.0
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
Red Hat Fedora Core2
Red Hat Fedora Core1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Gentoo Linux
Eric Raymond fetchmailconf 1.43.1
Eric Raymond fetchmailconf 1.43
Eric Raymond Fetchmail 6.2.5 .2
Eric Raymond Fetchmail 6.2.5
Eric Raymond Fetchmail 6.2 .0
Eric Raymond Fetchmail 6.1.3
+ OpenPKG OpenPKG Current
Eric Raymond Fetchmail 6.1 .0
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
Eric Raymond Fetchmail 6.0 .0
Eric Raymond Fetchmail 5.9.11
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Cosmicperl Directory Pro 10.0.3
Conectiva Linux 10.0
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.0
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0 3
Apple Mac OS X 10.0
Eric Raymond fetchmailconf 1.49
Eric Raymond fetchmailconf 1.43.2
Eric Raymond Fetchmail 6.2.9 -rc6

- Unaffected software versions

Eric Raymond fetchmailconf 1.49
Eric Raymond fetchmailconf 1.43.2
Eric Raymond Fetchmail 6.2.9 -rc6

- Vulnerability discussion

Fetchmail is susceptible to an information-disclosure vulnerability. This issue is due to a race condition in the 'fetchmailconf' configuration utility.

This issue allows local attackers to gain access to potentially sensitive information, including email authentication credentials, aiding them in further attacks.

Versions of Fetchmail prior to 6.2.9-rc6 include a vulnerable version of 'fetchmailconf'. Versions of 'fetchmailconf' prior to 1.43.2 and 1.49 are vulnerable.

- Exploit

An exploit is not required.

- Solution

The vendor has released updates to address this issue. Please see the referenced advisories for more information.


Turbolinux Turbolinux 10 F...

Turbolinux Turbolinux FUJI

TurboLinux Multimedia

Turbolinux Appliance Server 1.0 Workgroup Edition

Eric Raymond fetchmailconf 1.43

Turbolinux Turbolinux Server 10.0

Turbolinux Turbolinux Desktop 10.0

Apple Mac OS X Server 10.3.9

Apple Mac OS X 10.3.9

Apple Mac OS X 10.4.7

Eric Raymond Fetchmail 6.1 .0

Eric Raymond Fetchmail 6.1.3

Eric Raymond Fetchmail 6.2 .0

Eric Raymond Fetchmail 6.2.5 .2

TransSoft Broker FTP Server 8.0

- Related references

 

 
