Family: Debian Local Security Checks --> Category: infos
[DSA848] DSA-848-1 masqmail Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Jens Steube discovered two vulnerabilities in masqmail, a mailer for
hosts without a permanent internet connection. The Common
Vulnerabilities and Exposures project identifies the following
When sending failed mail messages, the address is not sanitised,
which allows a local attacker to execute arbitrary commands as the
When opening the log file, masqmail does not relinquish
rights, which allows a local attacker to overwrite arbitrary
files via a symlink attack.
For the old stable distribution (woody) these problems have been fixed in
For the stable distribution (sarge) these problems have been fixed in
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your masqmail package.
Solution : http://www.debian.org/security/2005/dsa-848
Threat Level: High