[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks
simon.walter at hp-factory.de
Tue Dec 9 14:24:04 GMT 2008
Hello,
> 2008/12/9 <simon.walter at hp-factory.de>:
>> Did you read my first mail which started this thread?
>
> the 'other' problem you got is that you're running an ancient version
> of mailscanner (which many debian users do). latest version is
> 4.73.4-2.
4.71.10 isn't ancient.
> If you install that ( via the tar.gz generic installer or a
> more up to date debian repository) you may find the issue has already
> been fixed.
or I may not.
Latest version of MailScanner fixes only one problem.
1/12/2008 New in Version 4.73.4-2
2 Security issue in "trend-autoupdate" resolved.
also known as CVE-2008-5140[1].
The bug report[2] I refer to is about a whole bunch of similar security
problems[3][4] in MailScanner.
--
Regards
Simon
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5140
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5312
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313