Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA197] DSA-197-1 courier Vulnerability Scan

Vulnerability Scan Summary
DSA-197-1 courier

Detailed Explanation for this Vulnerability Test

A problem in the Courier sqwebmail package, a CGI program to grant
authenticated access to local mailboxes, has been discovered. The
program did not drop permissions fast enough upon startup under
certain circumstances so a local shell user can execute the sqwebmail
binary and manage to read an arbitrary file on the local filesystem.
This problem has been fixed in version 0.37.3-2.3 for the current
stable distribution (woody) and in version 0.40.0-1 for the unstable
distribution (sid). The old stable distribution (potato) does not
contain Courier sqwebmail packages. courier-ssl packages
are also not affected since they don't expose an sqwebmail package.
We recommend that you upgrade your sqwebmail package immediately.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.