The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


GLSA: MailTools


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 6 Nov 2002 15:47:56 +0100
From: Daniel Ahlberg <[email protected]>
To: [email protected]
Subject: GLSA: MailTools

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-001
- - --------------------------------------------------------------------

PACKAGE : MailTools
SUMMARY═: remote command execution
DATE ══ : 2002-11-06 14:11 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

The SuSE Security Team reviewed critical Perl modules, including the
Mail::Mailer package. This package contains a security hole which allows
remote attackers to execute arbitrary commands in certain circumstances.
This is due to the usage of mailx as default mailer which allows commands
to be embedded in the mail body.
Vulnerable to this attack are custom auto reply programs or spam filters
which use Mail::Mailer directly or indirectly.

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-perl/MailTools-1.44-r1 and earlier update their systems as follows:

emerge rsync
emerge MailTools
emerge clean

- - --------------------------------------------------------------------
[email protected] - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9ySubfT7nyhUpoZMRAgIeAJ4zSYKNfFatgEwUaq/6pskWFY333wCeLBvG
9WiQs7LM4yGUDNk0jH/k/Fw=
=ZOPv
-----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру