Bugtraq mailing list archives
CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman
From: secure () CONECTIVA COM BR
Date: Wed, 2 Aug 2000 17:11:48 -0300
---------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ---------------------------------------------------------------------- PACKAGE : mailman SUMMARY : Obtaining mailman user privilieges DATE : 2000-08-02 AFFECTED CONECTIVA VERSIONS : 4.1, 4.2, 5.0 and 5.1 DESCRIPTION The wrapper program supplied with the mailman package has a format bug which could be exploited to obtain the privileges of the mailman user. This user has read and write access to all files of the mailman package. Note that this vulnerability can only be exploited by local users with shell access. SOLUTION All mailman users should upgrade to the package listed below. Besides the security fix, this version also fixes a problem with the authorization cookie used for the admin pages. DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/mailman-2.0beta5-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/mailman-2.0beta5-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/mailman-2.0beta5-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/mailman-2.0beta5-1cl.i386.rpm DIRECT LINK TO THE SOURCE PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/mailman-2.0beta5-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/mailman-2.0beta5-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/mailman-2.0beta5-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/mailman-2.0beta5-1cl.src.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's PGP key. The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe () bazar conectiva com br unsubscribe: atualizacoes-anuncio-unsubscribe () bazar conectiva com br
Current thread:
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman secure (Aug 02)