Bug 962988 - ssmtp.conf is world readable, which is a security risk when using password authentication
Status: CLOSED ERRATA
Product: Fedora EPEL
Classification: Fedora
Component: ssmtp
Version: el6
Hardware: All Linux
Priority: unspecified, Severity: high
Assigned To: manuel wolfshant
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-05-14 18:02 EDT by Jérôme Loyet
Modified: 2014-01-12 14:19 EST
Fixed In Version: ssmtp-2.61-21.el5
Doc Type: Bug Fix
Last Closed: 2013-07-03 20:52:21 EDT
Type: Bug
External Trackers: Debian BTS 661954

Description Jérôme Loyet 2013-05-14 18:02:42 EDT
Description of problem:
In order to have ssmtp working for every user on the machine, the file /etc/ssmtp/ssmtp.conf must be readable by every user (others must at least have the read right to this file).

If an authentication SMTP server is used (such as Gmail, for example), the login and password appear in clear text in ssmtp.conf. This is obviously a security problem.

Version-Release number of selected component (if applicable):
2.61-19.el6

How reproducible:
root# su - test
test# cat /etc/ssmtp/ssmtp.conf
root=prout@test.com
mailhub=smtp.gmail.com:587
AuthUser=someuser@gmail.com
AuthPass=xxxxxxxxxxxxxxx
UseSTARTTLS=YES
RewriteDomain=test.com
FromLineOverride=YES

root# chmod o-rwx /etc/ssmtp/ssmtp.conf
root# su - test
test# date | mail -s test test@test.com
send-mail: Cannot open mailhub:25
root# tail /var/log/maillog
May 14 23:00:00 xxx sSMTP[2511]: /etc/ssmtp/ssmtp.conf not found
May 14 23:00:00 xxx sSMTP[2511]: Unable to locate mailhub
May 14 23:00:00 xxx sSMTP[2511]: Cannot open mailhub:25

Additional info:
The solution as discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661954

root# chown -R root:mail /etc/ssmtp/ 
root# chmod -R u=rwX,g=rX,o= /etc/ssmtp
root# chown root:mail /usr/sbin/ssmtp
root# chmod g+s /usr/sbin/ssmtp
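
A check for the layout proposed in the description above, added here as an example; it is not part of the original report or of the ssmtp package. The function name, finding labels and exit-status convention are assumptions of this sketch; the default paths and the mail group are the ones shown in the report.

```shell
#!/bin/sh
# Added example: audit the ssmtp permission layout discussed in this bug.
# ssmtp_audit CONF BIN [GROUP]
# Prints one line per finding; exit status is the number of findings.
ssmtp_audit() {
    conf=${1:-/etc/ssmtp/ssmtp.conf}
    bin=${2:-/usr/sbin/ssmtp}
    grp=${3:-mail}
    findings=0

    if [ ! -e "$conf" ]; then
        echo "MISSING $conf"
        return 1
    fi

    # Column 1 of `ls -ld` is the mode string, column 4 the owning group.
    conf_mode=$(ls -ld -- "$conf" | awk '{print $1}')
    conf_grp=$(ls -ld -- "$conf" | awk '{print $4}')

    case $conf_mode in
        ???????r*)
            # Character 8 of the mode string is the "other" read bit.
            if grep -Eiq '^[[:space:]]*AuthPass[[:space:]]*=' "$conf"; then
                echo "WORLD_READABLE_SECRET $conf ($conf_mode) contains AuthPass"
            else
                echo "WORLD_READABLE $conf ($conf_mode)"
            fi
            findings=$((findings + 1))
            ;;
        *)
            # With o+r removed, ordinary users can only send mail when the
            # binary is setgid to the group that owns the config file.
            if [ "$conf_grp" != "$grp" ]; then
                echo "WRONG_GROUP $conf is group $conf_grp, expected $grp"
                findings=$((findings + 1))
            fi
            if [ ! -g "$bin" ]; then
                echo "NOT_SETGID $bin cannot read $conf for ordinary users"
                findings=$((findings + 1))
            fi
            ;;
    esac
    return "$findings"
}
```

Run `ssmtp_audit` with no arguments as root (so the AuthPass check can read the file) to audit the default paths; an exit status of 0 means the config is not world readable and the setgid arrangement is in place.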
Comment 1 Fedora Update System 2013-06-05 04:58:37 EDT
ssmtp-2.61-20.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/ssmtp-2.61-20.el5
Comment 2 Fedora Update System 2013-06-05 04:58:47 EDT
ssmtp-2.61-20.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/ssmtp-2.61-20.el6
Comment 3 Fedora Update System 2013-06-05 05:00:32 EDT
ssmtp-2.61-20.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/ssmtp-2.61-20.fc17
Comment 4 Fedora Update System 2013-06-05 21:34:38 EDT
Package ssmtp-2.61-20.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ssmtp-2.61-20.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-10128/ssmtp-2.61-20.fc17
then log in and leave karma (feedback).
Comment 5 Fedora Update System 2013-06-06 10:10:11 EDT
ssmtp-2.64-7.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/ssmtp-2.64-7.fc18
Comment 6 Fedora Update System 2013-06-08 16:56:25 EDT
ssmtp-2.64-7.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/ssmtp-2.64-7.fc19
Comment 7 Fedora Update System 2013-07-03 20:52:21 EDT
ssmtp-2.64-7.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-07-03 21:00:09 EDT
ssmtp-2.64-7.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2013-07-03 21:02:03 EDT
ssmtp-2.61-20.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2013-08-20 05:13:13 EDT
ssmtp-2.61-21.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/ssmtp-2.61-21.el5
Comment 11 Fedora Update System 2013-08-20 05:13:33 EDT
ssmtp-2.64-9.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/ssmtp-2.64-9.fc19
Comment 12 Fedora Update System 2013-08-20 05:13:47 EDT
ssmtp-2.64-9.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/ssmtp-2.64-9.fc18
Comment 13 Fedora Update System 2013-08-20 05:14:03 EDT
ssmtp-2.61-21.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/ssmtp-2.61-21.el6
Comment 14 Fedora Update System 2013-08-30 18:58:54 EDT
ssmtp-2.64-9.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2013-08-30 19:00:21 EDT
ssmtp-2.64-9.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2014-01-12 14:19:01 EST
ssmtp-2.61-21.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2014-01-12 14:19:57 EST
ssmtp-2.61-21.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
