[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

[Kai Schaetzl]

@ecs.soton.ac.uk>
Reply-To: mailscanner at lists.mailscanner.info

Julian Field wrote on Thu, 11 Dec 2008 20:24:07 +0000:

> 782198 11 Dec 14:02 mailscanner-4.74.6-1.noarch.rpm
> so 782198 bytes. Please compare this with what you have downloaded.

-rw-r--r-- 1 root root 782198 Dec 11 15:02 mailscanner-4.74.6-1.noarch.rpm
-rw-r--r-- 1 root root 782261 Dec 11 21:26 mailscanner-4.74.6-2.noarch.rpm

> MailScanner --lint
> and
> /usr/sbin/update_virus_scanners
> 
> If it complains about there not being a MailScannerCreateLocks or 
> anything in /usr/lib/MailScanner/mailscanner_create_locks or the 
> /usr/sbin/mailscanner_create_locks script not existing, please do
> ls -ld /usr/sbin/mail* /usr/sbin/Mail*

everything fine.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com