• info
• discussion
• exploit
• solution
• references

MasqMail Local Privilege Escalation Vulnerabilities

Solution:
Mandriva has released advisory MDKSA-2005:168 to address these issues. Please see the referenced advisory for more information.

Debian GNU/Linux has released advisory DSA 848-1, along with fixes to address these issues. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


MasqMail MasqMail 0.2.18

• Mandriva masqmail-0.2.18-3.1.M20mdk.i586.rpm
  Multi Network Firewall 2.0
  http://www1.mandrivalinux.com/en/ftp.php3

MasqMail MasqMail 0.2.20

• Debian masqmail_0.2.20-1sarge1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_alpha.deb


• Debian masqmail_0.2.20-1sarge1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_arm.deb


• Debian masqmail_0.2.20-1sarge1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_hppa.deb


• Debian masqmail_0.2.20-1sarge1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_i386.deb


• Debian masqmail_0.2.20-1sarge1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_ia64.deb


• Debian masqmail_0.2.20-1sarge1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_m68k.deb


• Debian masqmail_0.2.20-1sarge1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_mips.deb


• Debian masqmail_0.2.20-1sarge1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_mipsel.deb


• Debian masqmail_0.2.20-1sarge1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_powerpc.deb


• Debian masqmail_0.2.20-1sarge1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_s390.deb


• Debian masqmail_0.2.20-1sarge1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.2 0-1sarge1_sparc.deb