Vulnerability Details : CVE-2005-3088
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
Vulnerability category: Information leak
Products affected by CVE-2005-3088
- cpe:2.3:a:fetchmail:fetchmail:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:fetchmail:fetchmail:6.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:fetchmail:fetchmail:6.2.5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3088
- 0.07%: Probability of exploitation activity in the next 30 days
- ~33%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3088
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2005-3088
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-3088
- http://www.redhat.com/support/errata/RHSA-2005-823.html (Support)
- http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt (Patch; Vendor Advisory)
- http://securitytracker.com/id?1015114
- https://usn.ubuntu.com/215-1/
- http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml (fetchmail: Password exposure in fetchmailconf, GLSA 200511-06, Gentoo security)
- http://marc.info/?l=bugtraq&m=113042785902031&w=2 ('fetchmail security announcement 2005-02 (CVE-2005-3088)', MARC)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499 (The Slackware Linux Project: Slackware Security Advisories)
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:209 (Mandriva)
- http://www.us-cert.gov/cas/techalerts/TA06-214A.html
- http://www.vupen.com/english/advisories/2005/2182
- http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html (Apple, Lists.apple.com)
- http://www.debian.org/security/2005/dsa-900 (Debian)
- http://www.securityfocus.com/bid/15179 (Patch)
- http://www.securityfocus.com/bid/19289
- http://www.vupen.com/english/advisories/2006/3101