USN-215-1: fetchmailconf vulnerability

8 November 2005

fetchmail vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
fetchmailconf
Ubuntu 5.04
fetchmailconf
Ubuntu 4.10
fetchmailconf

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References