Message-ID: <C524F2E3-F2BA-11D6-9834-00039344D6A2@mandrakesoft.com>
From: vdanen at mandrakesoft.com (Vincent Danen)
Subject: Re: MDKSA-2002:076 - perl-MailTools update
On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security
Team wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ________________________________________________________________________
>
> Mandrake Linux Security Update Advisory
> ________________________________________________________________________
>
> Package name: perl-MailTools
> Advisory ID: MDKSA-2002:076
> Date: November 7th, 2002
>
> Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0
> ________________________________________________________________________
>
> Problem Description:
>
> A vulnerability was discovered in Mail::Mailer perl module by the SuSE
> security team during an audit. The vulnerability allows remote
> attackers to execute arbitrary commands in certain circumstances due
> to the usage of mailx as the default mailer, a program that allows
> commands to be embedded in the mail body.
>
> This module is used by some auto-response programs and spam filters
> which make use of Mail::Mailer.
> ________________________________________________________________________
>
> References:
>
> http://mail.python.org/pipermail/python-dev/2002-August/027223.html
> http://python.org/sf/590294
My apologies. These aren't the references for this vulnerability;
they're for the python vulnerability we're working on.
Sorry for the confusion.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}