On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security
Team wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
> _
>
> Mandrake Linux Security Update Advisory
> _______________________________________________________________________
> _
>
> Package name: perl-MailTools
> Advisory ID: MDKSA-2002:076
> Date: November 7th, 2002
>
> Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0
> _______________________________________________________________________
> _
>
> Problem Description:
>
> A vulnerability was discovered in Mail::Mailer perl module by the SuSE
> security team during an audit. The vulnerability allows remote
> attackers to execute arbitrary commands in certain circumstances due
> to the usage of mailx as the default mailer, a program that allows
> commands to be embedded in the mail body.
>
> This module is used by some auto-response programs and spam filters
> which make use of Mail::Mailer.
> _______________________________________________________________________
> _
>
> References:
>
> http://mail.python.org/pipermail/python-dev/2002-August/027223.html
> http://python.org/sf/590294
My apologies. These aren't the references for this vulnerability;
they're for the python vulnerability we're working on.
On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security
Team wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
> _
>
> Mandrake Linux Security Update Advisory
> _______________________________________________________________________
> _
>
> Package name: perl-MailTools
> Advisory ID: MDKSA-2002:076
> Date: November 7th, 2002
>
> Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0
> _______________________________________________________________________
> _
>
> Problem Description:
>
> A vulnerability was discovered in Mail::Mailer perl module by the SuSE
> security team during an audit. The vulnerability allows remote
> attackers to execute arbitrary commands in certain circumstances due
> to the usage of mailx as the default mailer, a program that allows
> commands to be embedded in the mail body.
>
> This module is used by some auto-response programs and spam filters
> which make use of Mail::Mailer.
> _______________________________________________________________________
> _
>
> References:
>
> http://mail.python.org/pipermail/python-dev/2002-August/027223.html
> http://python.org/sf/590294
My apologies. These aren't the references for this vulnerability;
they're for the python vulnerability we're working on.
Sorry for the confusion.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
[ reply ]