Gentoo Security Bugs on MailScanner

John Wilcock john at tradoc.fr
Tue Apr 20 07:37:10 IST 2010


On 20/04/2010 01:10, Noel Butler wrote:
>   root@dev:/tmp# rm /tmp/ClamAV.update.log
>   root@dev:/tmp# ln -s /etc/passwd /tmp/ClamAV.update.log
>
> < gave my login a shell, su'd to me, and cat of ClamAV.update.log
> verifies a non-priv user can view the contents as one expects, but is
> useless since it's not a shadow file>

Well, in attempting to explain these so-called symlink vulnerabilities, 
I chose /etc/passwd as a well-known system file, though I'm well aware 
that on many recent systems it isn't what counts. But the same principle 
could of course be used to malevolently overwrite whatever important 
system file you want.

> using antiquated versions is one way where Julian may not give high
> priority into looking into such things when he returns.

Despite the title of the Gentoo bug referred to, the Gentoo tree now 
contains (unless the removal threat has been carried out) an ebuild for 
MailScanner 4.79.11, the latest stable version, which still contains 
some symlink vulnerabilities.

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
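
The symlink redirection discussed in this thread, as an added example (not part of the original message and not MailScanner's code): a naive append to a predictable log name follows a planted link, while an open with `O_NOFOLLOW` plus an ownership check on the opened descriptor refuses it. The function names and the files inside the temporary directory are constructed stand-ins; nothing outside that directory is touched.

```python
import os
import stat
import tempfile

def naive_append(path, text):
    # Vulnerable pattern: open() follows a symlink at `path`, so whoever
    # planted the link chooses which file receives the write.
    with open(path, "a") as fh:
        fh.write(text)

def safe_append(path, text):
    # O_NOFOLLOW makes the open fail (ELOOP) if the final component is a symlink.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)  # inspect the opened object, not the name
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            raise PermissionError(f"refusing to write to {path}")
        os.write(fd, text.encode())
    finally:
        os.close(fd)

def read_text(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed sandbox: "important.conf" stands in for a system file.
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "important.conf")
        log = os.path.join(d, "ClamAV.update.log")
        with open(victim, "w") as fh:
            fh.write("original\n")
        os.symlink(victim, log)          # the planted link from the thread
        naive_append(log, "update ok\n")
        clobbered = read_text(victim) != "original\n"
        with open(victim, "w") as fh:    # restore before the second attempt
            fh.write("original\n")
        try:
            safe_append(log, "update ok\n")
            refused = False
        except OSError:
            refused = True
        intact = read_text(victim) == "original\n"
        os.unlink(log)                   # no link: the hardened open works normally
        safe_append(log, "update ok\n")
        return clobbered, refused, intact, read_text(log)
```

Writing such logs to a directory that only the service account can modify avoids the problem without relying on open flags.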

