Test ID:	1.3.6.1.4.1.25623.1.0.55851
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-215-1 (fetchmail)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to fetchmail announced via advisory USN-215-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: fetchmailconf Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users. Solution: The problem can be corrected by upgrading the affected package to version 6.2.5-8ubuntu2.2 (for Ubuntu 4.10), 6.2.5-12ubuntu1.2 (for Ubuntu 5.04), or 6.2.5-13ubuntu3.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-215-1 Risk factor : Medium CVSS Score: 2.1
Cross-Ref:	BugTraq ID: 15179 Common Vulnerability Exposure (CVE) ID: CVE-2005-3088 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://www.securityfocus.com/bid/15179 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Bugtraq: 20051027 fetchmail security announcement 2005-02 (CVE-2005-3088) (Google Search) http://marc.info/?l=bugtraq&m=113042785902031&w=2 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-900 (Google Search) http://www.debian.org/security/2005/dsa-900 http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:209 http://www.osvdb.org/20267 http://www.redhat.com/support/errata/RHSA-2005-823.html http://securitytracker.com/id?1015114 http://secunia.com/advisories/17293 http://secunia.com/advisories/17349 http://secunia.com/advisories/17446 http://secunia.com/advisories/17491 http://secunia.com/advisories/17495 http://secunia.com/advisories/17631 http://secunia.com/advisories/18895 http://secunia.com/advisories/21253 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499 https://usn.ubuntu.com/215-1/ http://www.vupen.com/english/advisories/2005/2182 http://www.vupen.com/english/advisories/2006/3101
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.