GLSA Advocate
Posted: Thu Sep 27, 2012 1:26 pm Post subject: [ GLSA 201209-18 ] Postfixadmin: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Postfixadmin: Multiple vulnerabilities (GLSA 201209-18)
Severity: normal
Exploitable: remote
Date: September 27, 2012
Bug(s): #400971
ID: 201209-18
Synopsis
Multiple vulnerabilities have been found in Postfixadmin which may
lead to SQL injection or cross-site scripting attacks.
Background
Postfixadmin is a web-based management tool for Postfix-style virtual
domains and users.
Affected Packages
Package: www-apps/postfixadmin
Vulnerable: < 2.3.5
Unaffected: >= 2.3.5
Architectures: All supported architectures
Description
Multiple SQL injection vulnerabilities (CVE-2012-0811) and cross-site
scripting vulnerabilities (CVE-2012-0812) have been found in
Postfixadmin.
Impact
A remote attacker could exploit these vulnerabilities to execute
arbitrary SQL statements or arbitrary HTML and script code.
Workaround
There is no known workaround at this time.
Resolution
All Postfixadmin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/postfixadmin-2.3.5"

References
CVE-2012-0811
CVE-2012-0812