[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

simon.walter at hp-factory.de simon.walter at hp-factory.de
Tue Dec 9 14:24:04 GMT 2008


> 2008/12/9  <simon.walter at hp-factory.de>:
>> Did you read my first mail which started this thread?
> the 'other' problem you got is that you're running an ancient version
> of mailscanner (which many debian users do). latest version is
> 4.73.4-2.

4.71.10 isn't ancient.

> If you install that (via the tar.gz generic installer or a
> more up-to-date debian repository) you may find the issue has already
> been fixed.

or I may not.

Latest version of MailScanner fixes only one problem.

1/12/2008 New in Version 4.73.4-2
2 Security issue in "trend-autoupdate" resolved.

also known as CVE-2008-5140[1].

The bugreport[2] I refer to is about a whole bunch of similar security
problems[3][4] in MailScanner.


[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5140
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5312
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
