[Security Announce] Re: MDKSA-2002:076 - perl-MailTools update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security  
Team wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________ 
> _
>
>                 Mandrake Linux Security Update Advisory
> _______________________________________________________________________ 
> _
>
> Package name:           perl-MailTools
> Advisory ID:            MDKSA-2002:076
> Date:                   November 7th, 2002
>
> Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0
> _______________________________________________________________________ 
> _
>
> Problem Description:
>
>  A vulnerability was discovered in Mail::Mailer perl module by the SuSE
>  security team during an audit.  The vulnerability allows remote
>  attackers to execute arbitrary commands in certain circumstances due
>  to the usage of mailx as the default mailer, a program that allows
>  commands to be embedded in the mail body.
>
>  This module is used by some auto-response programs and spam filters
>  which make use of Mail::Mailer.
> _______________________________________________________________________ 
> _
>
> References:
>
>   http://mail.python.org/pipermail/python-dev/2002-August/027223.html
>   http://python.org/sf/590294

My apologies.  These aren't the references for this vulnerability;  
they're for the python vulnerability we're working on.

Sorry for the confusion.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}

Attachment: PGP.sig
Description: PGP signature


[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux