[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more,
via symlink attacks
Julian Field
MailScanner at ecs.soton.ac.uk
Tue Dec 9 14:58:32 GMT 2008
On 9/12/08 14:43, Martin Hepworth wrote:
> 2008/12/9<simon.walter at hp-factory.de>:
>
>>> On 9/12/08 11:58, simon.walter at hp-factory.de wrote:
>>>
>>>> Did you read my first mail which started thsi thread?
>>>>
>>>>
>>> Yes.
>>> What would you recommend as the best solution to the problem?
>>>
>> In short: I can't fix it, would be nice if you could fix it.
>>
>> I'll just quote my comment to the debian-bugreport:
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353#13
>>
>> --
>> Regards
>> Simon
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
>
>
> Jules
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
>
> seems to have a comprehensive list of the other files involved.
>
>
Yes, it does, I can run "grep" too. But they still don't explain
precisely what the problem actually is nor have any suggestions on how I
should correctly fix it.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list