Bugtraq mailing list archives

[Security Announce] Re: MDKSA-2002:076 - perl-MailTools update


From: Vincent Danen <vdanen () mandrakesoft com>
Date: Thu, 7 Nov 2002 18:38:23 -0700


On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security Team wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           perl-MailTools
Advisory ID:            MDKSA-2002:076
Date:                   November 7th, 2002

Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0
________________________________________________________________________

Problem Description:

 A vulnerability was discovered in Mail::Mailer perl module by the SuSE
 security team during an audit.  The vulnerability allows remote
 attackers to execute arbitrary commands in certain circumstances due
 to the usage of mailx as the default mailer, a program that allows
 commands to be embedded in the mail body.

 This module is used by some auto-response programs and spam filters
 which make use of Mail::Mailer.
________________________________________________________________________

References:

  http://mail.python.org/pipermail/python-dev/2002-August/027223.html
  http://python.org/sf/590294

My apologies. These aren't the references for this vulnerability; they're for the python vulnerability we're working on.

Sorry for the confusion.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
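
An audit sketch for the problem described in the advisory above, added here as an example (it is not part of the original message or of MailTools): it scans Perl source for Mail::Mailer constructor calls that leave the mailer choice to the module's default or request the mailx backend. The type name 'mail' for that backend is an assumption, and the sample source and the host mx.example are constructed for illustration.

```python
import re

# Matches both Perl spellings: Mail::Mailer->new(...) and new Mail::Mailer ...
# 'rest' captures whatever follows the call up to the end of the statement.
CTOR = re.compile(
    r"(?:Mail::Mailer\s*->\s*new|new\s+Mail::Mailer(?!::))\b\s*\(?\s*(?P<rest>[^;]*)"
)
# Assumption: 'mail' is the type name that selects the mail/mailx backend.
MAILX_TYPES = {"mail"}

def first_arg(rest):
    """Return the first argument: a literal's value, '<expr>', or None if absent."""
    rest = rest.strip()
    if not rest or rest.startswith(")"):
        return None
    m = re.match(r"(['\"])(.*?)\1", rest)
    return m.group(2) if m else "<expr>"

def audit(source):
    """Return (line_no, reason) for constructor calls that can end up on mailx."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop Perl comments (naive: ignores '#' in strings)
        for m in CTOR.finditer(code):
            arg = first_arg(m.group("rest"))
            if arg is None:
                findings.append((no, "no mailer type given, module default is used"))
            elif arg in MAILX_TYPES:
                findings.append((no, "mailx-backed type requested explicitly"))
            elif arg == "<expr>":
                findings.append((no, "mailer type is computed, review by hand"))
    return findings

# Constructed sample input, not taken from any real program.
SAMPLE = """use Mail::Mailer;
my $a = Mail::Mailer->new;                 # relies on the default
my $b = Mail::Mailer->new('sendmail');
my $c = new Mail::Mailer 'smtp', Server => 'mx.example';
my $d = Mail::Mailer->new("mail");
my $e = Mail::Mailer->new($cfg{mailer});
# my $f = Mail::Mailer->new();
"""

if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE):
        print(f"line {line_no}: {reason}")
```

Callers that name a non-mailx type explicitly are not reported; the commented-out call on the last sample line is ignored.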
