|
Family: Debian Local Security Checks --> Category: infos
[DSA791] DSA-791-1 maildrop Vulnerability Scan
Vulnerability Scan Summary DSA-791-1 maildrop
Detailed Explanation for this Vulnerability Test
Max Vozeler discovered that the lockmail program from maildrop, a
simple mail delivery agent with filtering abilities, does not drop
group rights before executing commands given on the commandline,
allowing a possible hacker to execute arbitrary commands with rights of
the group mail.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
version 1.5.3-1.1sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 1.5.3-2.
We recommend that you upgrade your maildrop package.
Solution : http://www.debian.org/security/2005/dsa-791
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|