Updated fetchmail packages that fix insecure configuration file creation is
This update has been rated as having low security impact by the CentOS
Security Response Team.
Fetchmail is a remote mail retrieval and forwarding utility.
A bug was found in the way the fetchmailconf utility program writes
configuration files. The default behavior of fetchmailconf is to write a
configuration file which may be world readable for a short period of time.
This configuration file could provide passwords to a local malicious
attacker within the short window before fetchmailconf sets secure
permissions. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3088 to this issue.
Users of fetchmail are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.
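
The create-then-restrict race described above, next to a writer that has no such window. This is an added example, not fetchmailconf's code or the backported patch; the function names, file names and sample content are hypothetical.

```python
import os
import stat
import tempfile

# Constructed sample content; not a real account or password.
SAMPLE = 'poll mail.example.com user "alice" password "constructed-secret"\n'

def write_then_chmod(path, text):
    """Racy pattern: create with default permissions, restrict afterwards.
    Returns the mode bits the file carried before chmod ran."""
    with open(path, "w") as fh:          # created as 0666 & ~umask
        fh.write(text)
    exposed = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, 0o600)                # too late: the window was already open
    return exposed

def write_private(path, text):
    """Create the file as 0600 from the first instant, then move it into place.
    Returns the final mode bits."""
    tmp = "%s.tmp.%d" % (path, os.getpid())
    # O_EXCL refuses a pre-existing name (symlinks included); the mode
    # argument is applied by the kernel at creation, so no chmod is needed.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.replace(tmp, path)            # atomic rename within one directory
    except BaseException:
        os.unlink(tmp)
        raise
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    """Run both writers under a typical 022 umask in a scratch directory."""
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            exposed = write_then_chmod(os.path.join(d, "racy.fetchmailrc"), SAMPLE)
            final = write_private(os.path.join(d, "safe.fetchmailrc"), SAMPLE)
            return exposed, final
    finally:
        os.umask(old)

if __name__ == "__main__":
    print("mode before chmod: %o, mode with 0600 creation: %o" % demo())
```

Because the temporary file is renamed over the target, an existing configuration file is replaced without ever being readable by other users.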