[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more,
via symlink attacks
Martin Hepworth
maxsec at gmail.com
Tue Dec 9 14:43:38 GMT 2008
2008/12/9 <simon.walter at hp-factory.de>:
>> On 9/12/08 11:58, simon.walter at hp-factory.de wrote:
>>> Did you read my first mail which started thsi thread?
>>>
>> Yes.
>> What would you recommend as the best solution to the problem?
>
> In short: I can't fix it, would be nice if you could fix it.
>
> I'll just quote my comment to the debian-bugreport:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353#13
>
> --
> Regards
> Simon
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
Jules
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
seems to have a comprehensive list of the other files involved.
--
Martin Hepworth
Oxford, UK
More information about the MailScanner
mailing list