Title : Gentoo Security Update Fixes Fetchmail Password Disclosure Issue VUPEN ID : VUPEN/ADV-2005-2326 CVE ID : CVE-2005-3088
Rated as : Low Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2005-11-07
Technical Description
Gentoo has released updated packages to correct a vulnerability identified in Fetchmail. This flaw is due to an error in the "fetchmailconf" program that writes configuration data to the "run control" file, which could be exploited by local attackers to gain knowledge of sensitive information (e.g. passwords). For additional information, see : VUPEN/ADV-2005-2182
