fetchmail: Password exposure in fetchmailconf — GLSA 200511-06

fetchmailconf fails to properly handle file permissions, temporarily exposing sensitive information to other local users.

Affected Packages

net-mail/fetchmail on all architectures
Affected versions < 6.2.5.2-r1
Unaffected versions >= 6.2.5.2-r1

Background

fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. It ships with fetchmailconf, a graphical utility used to create configuration files.

Description

Thomas Wolff discovered that fetchmailconf opens the configuration file with default permissions, writes the configuration to it, and only then restricts read permissions to the owner.

Impact

A local attacker could exploit the race condition to retrieve sensitive information like IMAP/POP passwords.

Workaround

Run "umask 077" to temporarily strengthen default permissions, then run "fetchmailconf" from the same shell.

Resolution

All fetchmail users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.2.5.2-r1"

References

Release Date
November 06, 2005

Latest Revision
November 06, 2005: 01

Severity
normal

Exploitable
local

Bugzilla entries