[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Kai Schaetzl maillists at conactive.com
Tue Dec 9 14:31:15 GMT 2008

Simon.walter at hp-factory.de wrote on Tue, 9 Dec 2008 11:58:03 -0000 (UTC):

> Funny how everybody focuses on this little, unimportant, technical problem
> but ignores the real cause of my mail.

The trend-updater problem has already been fixed in recent MS. I assume the 
other scripts will get fixed one by one over time if there really is a need.

BTW, there was one sentence in your original quotes I absolutely agree with: 

> In the current state the package should not be part of
> the lenny release.

looking at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 the 
MailScanner version in debian-stable is 4.55.10. That should indeed not be 
used anymore. If I understand this correctly the stable version is what 
comes with the current Debian 4.0?


Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

More information about the MailScanner mailing list