aru Posted September 21, 2005 Report Share Posted September 21, 2005 Mandriva Security Advisories MDKSA-2005:168 : masqmail Updated masqmail packages fix vulnerabilities September 20th, 2005 Jens Steube discovered two vulnerabilities in masqmail: When sending failed mail messages, the address was not properly sanitized which could allow a local attacker to execute arbitrary commands as the mail user (CAN-2005-2662). When opening the log file, masqmail did not relinquish privileges, which could allow a local attacker to overwrite arbitrary files via a symlink attack (CAN-2005-2663). The updated packages have been patched to address these issues. The released versions of Mandriva GNU/Linux affected are: MNF2.0Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:168 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2663 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts