[Simon Walter] Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more,
via symlink attacks
Kai Schaetzl
maillists at conactive.com
Tue Dec 9 14:31:15 GMT 2008
Simon.walter at hp-factory.de wrote on Tue, 9 Dec 2008 11:58:03 -0000 (UTC):
> Funny how everybody focuses on this little, unimportant, technical problem
> but ignores the real cause of my mail.
The trend-updater problem has already been fixed in recent MS. I assume the
other scripts will get fixed one by one over time if there really is a need.
BTW, there was one sentence in your original quotes I absolutely agree with:
> In the current state the package should not be part of
> the lenny release.
looking at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 the
MailScanner version in debian-stable is 4.55.10. That should indeed not be
used anymore. If I understand this correctly the stable version is what
comes with the current Debian 4.0?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list