Title : Debian Security Update Fixes Fetchmail Password Disclosure Issue VUPEN ID : VUPEN/ADV-2005-2481 CVE ID : CVE-2005-3088
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-11-18
Technical Description
Debian has released updated packages to correct a vulnerability identified in Fetchmail. This flaw is due to an error in the "fetchmailconf" program that writes configuration data to the "run control" file, which could be exploited by local attackers to gain knowledge of sensitive information (e.g. passwords). For additional information, see : VUPEN/ADV-2005-2182
Note : This update also fixes a regression in the package for "stable" caused by the last security update.
Debian GNU/Linux old-stable (woody) - Upgrade to version 5.9.11-6.3
Debian GNU/Linux stable (sarge) - Upgrade to version 6.2.5-12sarge3
Debian GNU/Linux unstable (sid) - Upgrade to version 6.2.5.4-1 References
