Security Advisory: fetchmail security update

Advisory: RHSA-2005:823-5
Type: Security Advisory
Severity: Low
Issued on: 2005-10-26
Last updated on: 2005-10-26
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-3088

Details

Updated fetchmail packages that fix insecure configuration file creation are
now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Fetchmail is a remote mail retrieval and forwarding utility.

A bug was found in the way the fetchmailconf utility program writes
configuration files. The default behavior of fetchmailconf is to write a
configuration file which may be world readable for a short period of time.
This configuration file could provide passwords to a local malicious
attacker within the short window before fetchmailconf sets secure
permissions. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3088 to this issue.
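
The write-then-restrict pattern described above, next to a creation method that never exposes the file, as an added example. This is not fetchmailconf source code or the backported patch; the function names, file names and sample configuration line are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample content; not a real account.
SAMPLE_RC = 'poll mail.example.org protocol pop3 username "alice" password "constructed-secret"\n'

def write_then_chmod(path, data):
    """Weak pattern: create with the default mode, tighten permissions afterwards."""
    with open(path, "w") as fh:  # created as 0666 & ~umask, typically 0644
        fh.write(data)
        # Mode other local users see while the password is being written.
        exposed = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
    os.chmod(path, 0o600)  # too late: the window is everything before this call
    return exposed

def write_private(path, data):
    """Hardened pattern: the file is 0600 from creation, then renamed into place."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".rc-")  # mkstemp creates 0600
    try:
        with os.fdopen(fd, "w") as fh:
            exposed = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
            fh.write(data)
        os.replace(tmp, path)  # atomic on POSIX; also replaces an older, laxer file
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return exposed

def demo():
    """Run both writers under a common umask and report the observed modes."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            weak, safe = os.path.join(d, "weak.rc"), os.path.join(d, "safe.rc")
            result = {
                "weak_during_write": write_then_chmod(weak, SAMPLE_RC),
                "safe_during_write": write_private(safe, SAMPLE_RC),
                "weak_final": stat.S_IMODE(os.stat(weak).st_mode),
                "safe_final": stat.S_IMODE(os.stat(safe).st_mode),
            }
    finally:
        os.umask(old_umask)
    return result

if __name__ == "__main__":
    print({name: oct(mode) for name, mode in demo().items()})
```

Both files end up with mode 0600, so checking permissions after the fact cannot distinguish the two writers; only the mode at creation time does.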

Users of fetchmail are advised to upgrade to these updated packages, which
contain a backported patch which resolves this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
fetchmail-5.9.0-21.7.3.el2.1.2.src.rpm
File outdated by:  RHSA-2007:0385
    MD5: ab1230b502ea023b94dc47b6f5613443
 
IA-32:
fetchmail-5.9.0-21.7.3.el2.1.2.i386.rpm
File outdated by:  RHSA-2007:0385
    MD5: 04f1f11990589b7e8038bd2d0f221618
fetchmailconf-5.9.0-21.7.3.el2.1.2.i386.rpm
File outdated by:  RHSA-2007:0385
    MD5: 415dc5199d6c37764988b99939ee6165
 
IA-64:
fetchmail-5.9.0-21.7.3.el2.1.2.ia64.rpm
File outdated by:  RHSA-2007:0385
    MD5: 7355555a03cbcb04016bd7839ae7c642
fetchmailconf-5.9.0-21.7.3.el2.1.2.ia64.rpm
File outdated by:  RHSA-2007:0385
    MD5: a4cf9d720bf3576b2af5c9a8b471fc5e
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
fetchmail-5.9.0-21.7.3.el2.1.2.src.rpm
File outdated by:  RHSA-2007:0385
    MD5: ab1230b502ea023b94dc47b6f5613443
 
IA-32:
fetchmail-5.9.0-21.7.3.el2.1.2.i386.rpm
File outdated by:  RHSA-2007:0385
    MD5: 04f1f11990589b7e8038bd2d0f221618
fetchmailconf-5.9.0-21.7.3.el2.1.2.i386.rpm
File outdated by:  RHSA-2007:0385
    MD5: 415dc5199d6c37764988b99939ee6165
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
fetchmail-5.9.0-21.7.3.el2.1.2.src.rpm
File outdated by:  RHSA-2007:0385
    MD5: ab1230b502ea023b94dc47b6f5613443
 
IA-32:
fetchmail-5.9.0-21.7.3.el2.1.2.i386.rpm
File outdated by:  RHSA-2007:0385
    MD5: 04f1f11990589b7e8038bd2d0f221618
fetchmailconf-5.9.0-21.7.3.el2.1.2.i386.rpm
File outdated by:  RHSA-2007:0385
    MD5: 415dc5199d6c37764988b99939ee6165
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
fetchmail-5.9.0-21.7.3.el2.1.2.src.rpm
File outdated by:  RHSA-2007:0385
    MD5: ab1230b502ea023b94dc47b6f5613443
 
IA-64:
fetchmail-5.9.0-21.7.3.el2.1.2.ia64.rpm
File outdated by:  RHSA-2007:0385
    MD5: 7355555a03cbcb04016bd7839ae7c642
fetchmailconf-5.9.0-21.7.3.el2.1.2.ia64.rpm
File outdated by:  RHSA-2007:0385
    MD5: a4cf9d720bf3576b2af5c9a8b471fc5e
 

Bugs fixed (see bugzilla for more information)

171474 - CVE-2005-3088 fetchmailconf insecure configuration file


Keywords

fetchmailconf


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/