Security: Two problems in masqmail
Name: Two problems in masqmail
ID: MDKSA-2005:168
Distribution: Mandriva
Platforms: Mandriva Multi Network Firewall 2.0
Date: Wed, 21 September 2005, 05:07
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2663
Applications: MasqMail

Original message
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name:       masqmail
Advisory ID:        MDKSA-2005:168
Date:               September 20th, 2005

Affected versions:  Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

Jens Steube discovered two vulnerabilities in masqmail:

When sending failed mail messages, the address was not properly sanitized which could allow a local attacker to execute arbitrary commands as the mail user (CAN-2005-2662).

When opening the log file, masqmail did not relinquish privileges, which could allow a local attacker to overwrite arbitrary files via a symlink attack (CAN-2005-2663).

The updated packages have been patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2663
______________________________________________________________________

Updated Packages:

Multi Network Firewall 2.0:
368d7259f0d1663f24ab0d96ef316520  mnf/2.0/RPMS/masqmail-0.2.18-3.1.M20mdk.i586.rpm
53c6095a108ea52147909091b262517f  mnf/2.0/SRPMS/masqmail-0.2.18-3.1.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
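The second issue in the advisory (a privileged process opening its log file through an attacker-placed symlink) belongs to a class that a defensive open routine closes off. The following C sketch is an added example, not masqmail's code and not the Mandriva patch; the helper name `open_log_unprivileged`, the file mode and the choice of target uid/gid are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, seteuid, dprintf */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for appending with the rights of uid/gid
 * instead of root. Returns a descriptor, or -1 with errno set. */
int open_log_unprivileged(const char *path, uid_t uid, gid_t gid)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    struct stat st;
    int fd, err = 0;

    /* Relinquish root before touching the path (group first, then user),
     * so the kernel checks the open against the unprivileged identity. */
    if (old_uid == 0 && (setegid(gid) != 0 || seteuid(uid) != 0))
        return -1;

    /* O_NOFOLLOW refuses a symlink as the final path component; there is
     * no O_TRUNC, so existing data is never wiped; O_NONBLOCK avoids
     * hanging on a FIFO planted at the log path. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW |
                    O_NONBLOCK | O_CLOEXEC, 0640);
    if (fd < 0) {
        err = errno;
    } else if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        err = EPERM;              /* device, FIFO, or hard link to another file */
        close(fd);
        fd = -1;
    }

    /* Regain the saved IDs only after the descriptor has been validated. */
    if (old_uid == 0 && (seteuid(old_uid) != 0 || setegid(old_gid) != 0)) {
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0) errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_log_unprivileged(argc > 1 ? argv[1] : "demo.log", getuid(), getgid());
    if (fd < 0) { perror("open_log_unprivileged"); return EXIT_FAILURE; }
    dprintf(fd, "log opened\n");
    return close(fd) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

`O_NOFOLLOW` only covers the last path component, so the log directory and its parents must still be writable only by trusted users.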