Message-ID: <C524F2E3-F2BA-11D6-9834-00039344D6A2@mandrakesoft.com>
From: vdanen at mandrakesoft.com (Vincent Danen)
Subject: Re: MDKSA-2002:076 - perl-MailTools update


On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security Team wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ________________________________________________________________________
>
>                 Mandrake Linux Security Update Advisory
> ________________________________________________________________________
>
> Package name:           perl-MailTools
> Advisory ID:            MDKSA-2002:076
> Date:                   November 7th, 2002
>
> Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0
> ________________________________________________________________________
>
> Problem Description:
>
>  A vulnerability was discovered in Mail::Mailer perl module by the SuSE
>  security team during an audit.  The vulnerability allows remote
>  attackers to execute arbitrary commands in certain circumstances due
>  to the usage of mailx as the default mailer, a program that allows
>  commands to be embedded in the mail body.
>
>  This module is used by some auto-response programs and spam filters
>  which make use of Mail::Mailer.
> ________________________________________________________________________
>
> References:
>
>   http://mail.python.org/pipermail/python-dev/2002-August/027223.html
>   http://python.org/sf/590294

My apologies.  These aren't the references for this vulnerability;  
they're for the python vulnerability we're working on.

Sorry for the confusion.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
