klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Wed Nov 06, 2002 3:31 pm
Post subject: [gentoo-announce] GLSA: MailTools
Daniel Ahlberg wrote:
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-001
- - --------------------------------------------------------------------
PACKAGE : MailTools
SUMMARY : remote command execution
DATE : 2002-11-06 14:11 UTC
EXPLOIT : remote
- - --------------------------------------------------------------------
The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body.
Vulnerable to this attack are custom auto reply programs or spam filters
which use Mail::Mailer directly or indirectly.
SOLUTION
It is recommended that all Gentoo Linux users who are running dev-perl/MailTools-1.44-r1 and earlier update their systems as follows:
emerge rsync
emerge MailTools
emerge clean
- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
Mailing List Archive: (unavailable)
--kurt
_________________
The problem with political jokes is that they get elected
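The advisory names programs that use Mail::Mailer as the affected ones. As an added example (not part of the advisory, the forum post or MailTools), this Python script scans Perl source for Mail::Mailer constructor calls and reports which ones leave the mailer choice to the default or select the `mail` type. The mailer type names are an assumption taken from the Mail::Mailer documentation, and the sample source is constructed.

```python
import re

# Constructor call: Mail::Mailer->new(...) or the indirect form "new Mail::Mailer ...".
CALL = re.compile(r"""
    (?:Mail::Mailer\s*->\s*new|new\s+Mail::Mailer)\b
    \s*\(?\s*
    (?:(['"])(?P<type>\w+)\1          # quoted literal mailer type
      |(?P<expr>[$\w][^,;)]*))?       # or a variable / expression
""", re.VERBOSE)

# Assumption: type names as documented for Mail::Mailer; "mail" runs the
# system mail/mailx program, the others do not.
NON_MAILX = {"sendmail", "smtp", "qmail", "test", "testfile"}
NEEDS_REVIEW = {"default-mailer", "explicit-mail", "dynamic", "unknown-type"}

def classify(m):
    """Return a verdict for one constructor call."""
    if m.group("type"):
        t = m.group("type").lower()
        if t == "mail":
            return "explicit-mail"
        return "explicit-other" if t in NON_MAILX else "unknown-type"
    # No literal type: either decided at run time or left to the default.
    return "dynamic" if m.group("expr") else "default-mailer"

def audit(source):
    """Return (line_number, verdict) for each Mail::Mailer construction."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip whole-line comments
        for m in CALL.finditer(line):
            findings.append((no, classify(m)))
    return findings

# Constructed sample input, not taken from any real program.
SAMPLE = """\
use Mail::Mailer;
my $m = Mail::Mailer->new;
my $n = Mail::Mailer->new('sendmail');
my $o = new Mail::Mailer 'mail';
my $p = Mail::Mailer->new($cfg{mailer});
# Mail::Mailer->new('mail') in a comment
"""

if __name__ == "__main__":
    for no, verdict in audit(SAMPLE):
        flag = "REVIEW" if verdict in NEEDS_REVIEW else "ok"
        print(f"line {no}: {verdict:15} {flag}")
```

A `REVIEW` result only marks a call site to inspect after upgrading; it does not prove the program handles untrusted mail.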