• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PERL-MailTools Remote Command Execution Vulnerability

Solution:
Gentoo Linux has released an advisory. Users who have installed dev-perl/MailTools-1.44-r1 and earlier are advised to update their systems by issuing the following commands:

emerge rsync
emerge MailTools
emerge clean

Mandrake has released MDKSA-2002:076, including fixes which address this issue. Users are advised to upgrade.

Debian has released DSA 386-1, including fixes which address this issue. Users are advised to upgrade.

The following fixes are available:


perl-MailTools perl-MailTools 1.1401

• S.u.S.E. perl-MailTools-1.1401-110.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/perl2/perl-MailTools-1.1401 -110.ppc.rpm


• S.u.S.E. perl-MailTools-1.1401-111.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/perl2/perl-MailTools-1.1401 -111.ppc.rpm


• S.u.S.E. perl-MailTools-1.1401-187.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/perl2/perl-MailTools-1.140 1-187.i386.rpm


• S.u.S.E. perl-MailTools-1.1401-187.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/perl2/perl-MailTools-1.140 1-187.i386.rpm


• S.u.S.E. perl-MailTools-1.1401-188.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/perl2/perl-MailTools-1.140 1-188.i386.rpm


• S.u.S.E. perl-MailTools-1.1401-65.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/perl2/perl-MailTools-1.14 01-65.sparc.rpm


• S.u.S.E. perl-MailTools-1.1401-69.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/perl2/perl-MailTools-1.1401 -69.alpha.rpm

perl-MailTools perl-MailTools 1.42

• S.u.S.E. perl-MailTools-1.42-120.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/perl3/perl-MailTools-1.42- 120.i386.rpm


• S.u.S.E. perl-MailTools-1.47-29.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/perl-MailTools-1. 47-29.i586.rpm

perl-MailTools perl-MailTools 1.44

• Debian libmailtools-perl_1.44-1woody2_all.deb
  http://security.debian.org/pool/updates/main/libm/libmailtools-perl/li bmailtools-perl_1.44-1woody2_all.deb


• Debian mailtools_1.44-1woody2_all.deb
  http://security.debian.org/pool/updates/main/libm/libmailtools-perl/ma iltools_1.44-1woody2_all.deb

perl-MailTools perl-MailTools 1.47

• Mandrake perl-MailTools-1.47-1.1mdk.noarch.rpm
  Linux-Mandrake 7.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.noarch.rpm
  Mandrake Linux 8.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.noarch.rpm
  Mandrake Linux 8.0/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.noarch.rpm
  Mandrake Linux 8.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.noarch.rpm
  Mandrake Linux 8.1/IA64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.noarch.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.noarch.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.noarch.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.src.rpm
  Mandrake Linux 7.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.src.rpm
  Mandrake Linux 8.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.src.rpm
  Mandrake Linux 8.0/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.src.rpm
  Mandrake Linux 8.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.src.rpm
  Mandrake Linux 8.1/IA64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.src.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.src.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-MailTools-1.47-1.1mdk.src.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• S.u.S.E. perl-MailTools-1.47-29.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/perl-MailTools-1. 47-29.i586.rpm