2.1

CVE-2005-3088

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FetchmailFetchmail Version6.2.0
FetchmailFetchmail Version6.2.5
FetchmailFetchmail Version6.2.5.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.358
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://secunia.com/advisories/21253
Vendor Advisory
http://www.securityfocus.com/bid/19289
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
US Government Resource
http://www.vupen.com/english/advisories/2006/3101
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=113042785902031&w=2
http://secunia.com/advisories/17293
Patch
Vendor Advisory
http://secunia.com/advisories/17349
Vendor Advisory
http://secunia.com/advisories/17446
Vendor Advisory
http://secunia.com/advisories/17491
Vendor Advisory
http://secunia.com/advisories/17495
Vendor Advisory
http://secunia.com/advisories/17631
Vendor Advisory
http://secunia.com/advisories/18895
Vendor Advisory
http://securitytracker.com/id?1015114
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499
http://www.debian.org/security/2005/dsa-900
http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:209
http://www.osvdb.org/20267
http://www.redhat.com/support/errata/RHSA-2005-823.html
http://www.securityfocus.com/bid/15179
Patch
http://www.vupen.com/english/advisories/2005/2182
https://usn.ubuntu.com/215-1/