NetBSD mail Record File Permission Weakness Information Disclosure
Local Access Required
Loss of Confidentiality
NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the "set record" setting is present in a users .mailrc and the default umask is set, which will create a record file with insecure permissions. This will disclose the record file of a user's email resulting in a loss of confidentiality.
Upgrade via CVS by following the instructions from the advisory, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.