Family: Debian Local Security Checks --> Category: infos
[DSA197] DSA-197-1 courier Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
A problem has been discovered in the Courier sqwebmail package, a CGI
program that grants authenticated access to local mailboxes. Under
certain circumstances the program did not drop permissions quickly
enough at startup, so a local shell user can execute the sqwebmail
binary and read an arbitrary file on the local filesystem.
This problem has been fixed in version 0.37.3-2.3 for the current
stable distribution (woody) and in version 0.40.0-1 for the unstable
distribution (sid). The old stable distribution (potato) does not
contain Courier sqwebmail packages.
The courier-ssl packages are also not affected, since they don't expose
an sqwebmail package.
We recommend that you upgrade your sqwebmail package immediately.
Solution : http://www.debian.org/security/2002/dsa-197
Threat Level: High