Multiple Linux /etc/nullmailer/remotes Permission Weakness Local SMTP Authentication Credential Disclosure
Local Access Required
Loss of Confidentiality
Gentoo Linux contains a flaw that may lead to the unauthorized disclosure of sensitive information. The issue is due to the program setting insecure world readable permissions for /etc/nullmailer/remotes. This may allow a local attacker to gain access to SMTP authentication credentials that are stored in plaintext.
It has been reported that this issue has been fixed. Upgrade to Nullmailer-1.11-r2, or higher, to address this vulnerability.