[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Randal, Phil prandal at herefordshire.gov.uk
Fri Dec 12 11:23:38 GMT 2008


Fabulous.

Works for me.

Cheers,

Phil 


--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal at herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error please
contact the sender immediately and destroy all copies of it.

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian
Field
Sent: 12 December 2008 10:30
To: MailScanner discussion
Subject: Re: [Simon Walter] Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more, via symlink attacks

I have released a -2 to fix this. Sorry about that.

On 12/12/08 10:18, Randal, Phil wrote:
> Looks like WorkArea.pm is missing a
>
> use File::Temp;
>
> Cheers,
>
> Phil
>
>
> --
> Phil Randal | Networks Engineer
> Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
> Services Division
> Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
> Tel: 01432 260160
> email: prandal at herefordshire.gov.uk
>
> Any opinion expressed in this e-mail or any attached files are those 
> of the individual and not necessarily those of Herefordshire Council.
>
> This e-mail and any attached files are confidential and intended 
> solely for the use of the addressee. This communication may contain 
> material protected by law from being passed on. If you are not the 
> intended recipient and have received this e-mail in error, you are 
> advised that any use, dissemination, forwarding, printing or copying 
> of this e-mail is strictly prohibited. If you have received this 
> e-mail in error please contact the sender immediately and destroy all
> copies of it.
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
> Julian Field
> Sent: 12 December 2008 09:30
> To: MailScanner discussion
> Subject: Re: [Simon Walter] Bug#506353: mailscanner: many scripts 
> allow local users to overwrite arbitrary files, and more, via symlink 
> attacks
>
> I have just released 4.74.7 which fixes this problem and upgrades "tnef"
> to 1.4.5.
>
> On 12/12/08 09:13, Julian Field wrote:
>    
>> On 11/12/08 21:05, Mark Sapiro wrote:
>>      
>>> Julian Field wrote:
>>>        
>>>> On 11/12/08 16:43, Kai Schaetzl wrote:
>>>>          
>>>>> Julian Field wrote on Thu, 11 Dec 2008 14:16:06 +0000:
>>>>>
>>>>>> Please let me know what you think works and what still doesn't 
>>>>>> work, if anything.
>>>>>>
>>>>>>              
>>>>> So far so good. Got this on first restart:
>>>>>
>>>>> Dec 11 17:31:10 d01 MailScanner[11441]: Could not test file 
>>>>> ownership abilities on 
>>>>> /var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.11441,
>>>>> please delete the file
>>>>>
>>>>> file doesn't exist, though. Directory contains lockfiles for all 
>>>>> the virusscan wrappers, no matter if in use or not. Is this
>>>>> intended?
>>>>> Everything seems to be fine.
>>>>> How to test? Run /etc/cron.hourly/update_virus_scanners ?
>>>>>
>>>>>            
>>>> Do
>>>> MailScanner --lint
>>>> and
>>>> /usr/sbin/update_virus_scanners
>>>>
>>>> If it complains about there not being a MailScannerCreateLocks or 
>>>> anything in /usr/lib/MailScanner/mailscanner_create_locks or the 
>>>> /usr/sbin/mailscanner_create_locks script not existing, please do
>>>> ls -ld /usr/sbin/mail* /usr/sbin/Mail*
>>> MailScanner --lint looks good.
>>>
>>> /usr/sbin/update_virus_scanners produces no error.
>>>
>>> Everything seems to be working normally, but each time a child 
>>> starts, a message like the following is logged:
>>>
>>> Dec 11 11:24:07 sbh16 MailScanner[23654]: Could not test file 
>>> ownership abilities on 
>>> /var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.23654,
>>> please delete the file
>>>        
>> Please try the attached /usr/lib/MailScanner/MailScanner/WorkArea.pm
>> file and restart MailScanner. That should have fixed that problem.
>>
>> Jules
>>
>>      
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> --
> This message has been scanned for viruses and dangerous content by 
> MailScanner, and is believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>    

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
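The thread above traces a symlink-attack fix to a missing `use File::Temp;` in WorkArea.pm, with the ownership-test file under the incoming Locks directory as the visible symptom. The following Perl is an added illustration of why that module matters, not the code from WorkArea.pm or any MailScanner release: the function name `can_set_ownership`, the directory default and the chown-based probe are assumptions.

```perl
#!/usr/bin/perl
# Added example: an ownership probe that creates its scratch file with
# File::Temp, so the file gets a random name and is opened with O_EXCL.
# Not the project's own code; names and directory are assumptions.
use strict;
use warnings;
use File::Temp qw(tempfile);

# The risky pattern the thread's bug report is about: a predictable path
# built from the pid, opened without O_EXCL. If a local user pre-creates a
# symlink at that path, the daemon follows it and writes to the target.
#   open(my $fh, '>', "$dir/MailScanner.ownertest.$$") or die "open: $!";

# Returns 1 if this process can chown a freshly created file in $dir to
# $uid/$gid, 0 if it cannot; dies if the probe file cannot be created.
sub can_set_ownership {
    my ($dir, $uid, $gid) = @_;

    # tempfile() opens with O_CREAT|O_EXCL|O_RDWR on a random suffix, so a
    # pre-planted symlink or file at the chosen name makes it retry rather
    # than follow; UNLINK => 1 removes the file at exit as a safety net.
    my ($fh, $path) = tempfile('MailScanner.ownertest.XXXXXXXX',
                               DIR => $dir, UNLINK => 1);

    # Operate on the open handle (fchown/fstat), not on the path, so the
    # file cannot be swapped out between creation and the ownership change.
    my $ok = chown($uid, $gid, $fh) ? 1 : 0;

    # Confirm the result on the same handle rather than trusting chown's
    # return value alone.
    my @st = stat($fh);
    $ok = 0 unless @st && $st[4] == $uid && $st[5] == $gid;

    close($fh);
    unlink($path);
    return $ok;
}

# Usage: probe the Locks directory (or one given on the command line) for
# the current real uid and primary gid.
my $dir = $ARGV[0] // '/var/spool/MailScanner/incoming/Locks';
my $gid = (split ' ', $( )[0];
my $ok  = can_set_ownership($dir, $<, $gid);
print "ownership test in $dir: ", ($ok ? "ok" : "failed"), "\n";
```

Because the file is created and removed within the function, no `MailScanner.ownertest.<pid>` file should remain for an operator to delete, which is the symptom reported earlier in the thread.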