CVE-2005-3088

Name: CVE-2005-3088
Creator: NVD / NIST
Published: 2005-10-27T10:02:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.45%

Last modified Jun 16, 2026

CVE-2005-3088 is a vulnerability of currently unknown severity. fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.. EPSS estimates a 0.45% chance of exploitation in the next 30 days.

Description

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.

Metrics

EPSS Probability

0.45%

36.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Fetchmail	Fetchmail	6.2.0
Fetchmail	Fetchmail	6.2.5
Fetchmail	Fetchmail	6.2.5.2

References

http://fetchmail.berlios.de/fetchmail-SA-2005-02.txtPatch, Vendor Advisory
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://marc.info/?l=bugtraq&m=113042785902031&w=2
http://secunia.com/advisories/17293Patch, Vendor Advisory
http://secunia.com/advisories/17349Vendor Advisory
http://secunia.com/advisories/17446Vendor Advisory
http://secunia.com/advisories/17491Vendor Advisory
http://secunia.com/advisories/17495Vendor Advisory
http://secunia.com/advisories/17631Vendor Advisory
http://secunia.com/advisories/18895Vendor Advisory
http://secunia.com/advisories/21253Vendor Advisory
http://securitytracker.com/id?1015114
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499
http://www.debian.org/security/2005/dsa-900
http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:209
http://www.osvdb.org/20267
http://www.redhat.com/support/errata/RHSA-2005-823.html
http://www.securityfocus.com/bid/15179Patch
http://www.securityfocus.com/bid/19289
http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlUS Government Resource
http://www.vupen.com/english/advisories/2005/2182
http://www.vupen.com/english/advisories/2006/3101
https://usn.ubuntu.com/215-1/
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txtPatch, Vendor Advisory
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://marc.info/?l=bugtraq&m=113042785902031&w=2
http://secunia.com/advisories/17293Patch, Vendor Advisory
http://secunia.com/advisories/17349Vendor Advisory
http://secunia.com/advisories/17446Vendor Advisory
http://secunia.com/advisories/17491Vendor Advisory
http://secunia.com/advisories/17495Vendor Advisory
http://secunia.com/advisories/17631Vendor Advisory
http://secunia.com/advisories/18895Vendor Advisory
http://secunia.com/advisories/21253Vendor Advisory
http://securitytracker.com/id?1015114
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499
http://www.debian.org/security/2005/dsa-900
http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:209
http://www.osvdb.org/20267
http://www.redhat.com/support/errata/RHSA-2005-823.html
http://www.securityfocus.com/bid/15179Patch
http://www.securityfocus.com/bid/19289
http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlUS Government Resource
http://www.vupen.com/english/advisories/2005/2182
http://www.vupen.com/english/advisories/2006/3101
https://usn.ubuntu.com/215-1/

Timeline

Published: Oct 27, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-3088?

How severe is CVE-2005-3088?

Severity scoring for CVE-2005-3088 is pending analysis. The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.

How do I fix CVE-2005-3088?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-3088?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST