Full Disclosure mailing list archives
Re: MDKSA-2002:076 - perl-MailTools update
From: Vincent Danen <vdanen () mandrakesoft com>
Date: Thu, 7 Nov 2002 18:38:23 -0700
On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security Team wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1_______________________________________________________________________ _Mandrake Linux Security Update Advisory_______________________________________________________________________ _Package name: perl-MailTools Advisory ID: MDKSA-2002:076 Date: November 7th, 2002 Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0_______________________________________________________________________ _Problem Description: A vulnerability was discovered in Mail::Mailer perl module by the SuSE security team during an audit. The vulnerability allows remote attackers to execute arbitrary commands in certain circumstances due to the usage of mailx as the default mailer, a program that allows commands to be embedded in the mail body. This module is used by some auto-response programs and spam filters which make use of Mail::Mailer._______________________________________________________________________ _References: http://mail.python.org/pipermail/python-dev/2002-August/027223.html http://python.org/sf/590294
My apologies. These aren't the references for this vulnerability; they're for the python vulnerability we're working on.
Sorry for the confusion. -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
Attachment:
PGP.sig
Description:
Current thread:
- MDKSA-2002:076 - perl-MailTools update Mandrake Linux Security Team (Nov 07)
- <Possible follow-ups>
- Re: MDKSA-2002:076 - perl-MailTools update Vincent Danen (Nov 07)