lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1063647235.3167.48.camel@tantor.nuclearelephant.com>
Date: Mon, 15 Sep 2003 13:33:55 -0400
From: "Jonathan A. Zdziarski" <jonathan@...learelephant.com>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: DSPAM Default Permissions Vulnerability

Date: September 15, 2003
Description: DSPAM Default Permissions Vulnerability
Affected Versions: 2.6.5, 2.6.5.1

About DSPAM:

DSPAM is an advanced anti-spam solution compatible with most UNIX email
server implementations.  DSPAM combines deobfuscation techniques, token
chains, and bayesian statistical analysis to create a very effective
anti-spam engine capable of teaching itself.  DSPAM masquerades as the
system's local delivery agent and performs analysis on a per-user basis.

Synopsis:

In order for the DSPAM agent to function correctly when called by the
quarantine CGI or by some MTAs which drop privileges prior to calling
dspam, the dspam agent must be setgid to have access to its own data. 
In most installations, dspam runs under the group 'mail'.

DSPAM v2.6.5 introduced a new feature providing the ability to change
the delivery agent and quarantine agents via commandline.  Due to the
default installation permissions of DSPAM, however, this functionality
was provided to any users capable of executing the dspam agent enabling
them to run commands in this new group. 

Solution:

Unset the world-execute bit of the dspam agent's file permissions, or
upgrade to v2.6.5.2.  Alternatively, more daring users may try
v2.7.0.beta.3, which incorporates trusted user security.





Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ