• info
• discussion
• exploit
• solution
• references

Getmail Local Symbolic Link Vulnerability

Solution:
The vendor has released an upgrade dealing with this issue.

Gentoo Linux has released advisory GLSA 200409-32 addressing this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
emerge sync
emerge -pv ">=net-mail/getmail-4.2.0"
emerge ">=net-mail/getmail-4.2.0"

Debian has released an advisory (DSA 553-1) and fixes to address this issue. See the referenced advisory for fix information.

Slackware Linux has released advisory SSA:2004-278-01 along with fixes to address this issue. Please see the referenced advisory for further information.


Slackware Linux -current

• Slackware getmail-4.2.0-noarch-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ge tmail-4.2.0-noarch-1.tgz

Slackware Linux 10.0

• Slackware getmail-4.2.0-noarch-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ getmail-4.2.0-noarch-1.tgz

getmail getmail 2.3.7

• Debian getmail_2.3.7-2_all.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2 _all.deb

getmail getmail 4.0

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0 .0b10

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.1

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.10

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.11

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.12

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.13

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.2

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.3

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.4

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.5

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.6

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.7

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.8

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.0.9

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.1

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.1.1

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.1.2

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.1.3

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.1.4

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

getmail getmail 4.1.5

• getmail getmail-4.2.0.tar.gz
  http://www.qcc.ca/~charlesc/software/getmail-4/old-versions/getmail-4. 2.0.tar.gz

Slackware Linux 9.1

• Slackware getmail-3.2.5-noarch-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/g etmail-3.2.5-noarch-1.tgz