spamass-milt-list

Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Rem


From: Andrew Daviel
Subject: Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt
Date: Thu, 10 Feb 2011 13:54:47 -0800 (PST)

On Thu, 10 Feb 2011, Adam Katz wrote:

> I'm subscribed under a different address between these lists, so my
> cross-post to this list failed.  Post attached.

The securityfocus page lists some Debian fixes. The Debian patch spamass-milter_0.3.1-8+lenny2.diff.gz changelog includes:


+spamass-milter (0.3.1-8+lenny1) stable-security; urgency=high
+
+  * Use new popenenv function instead of open; fixes remote code exploit
+    as the spamass-milter user when run using -x. (closes: #573228)
+
+ -- Don Armstrong <address@hidden>  Wed, 17 Mar 2010 12:52:56 -0700
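
Review bot: in the 0.3.1-8+lenny1 entry, "instead of open" names no call a reader could search for alongside "popenenv", so the replaced function is ambiguous; spell out the exact call being replaced. The entry also scopes the fix to "when run using -x" without saying whether installs that do not pass -x need the update, which is worth one more clause at urgency=high.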

(from http://security.debian.org/pool/updates/main/s/spamass-milter/)

also e.g.
+spamass-milter (0.3.1-3) unstable; urgency=low
+
+  * Use dirname instead of basename (closes: #391909)
+  * Add RUNAS option to change the user that spamass-milter runs as.


--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager


