Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:9767
HistorySep 21, 2005 - 12:00 a.m.

[Full-disclosure] MDKSA-2005:168 - Updated masqmail packages fix vulnerabilities

2005-09-2100:00:00
vulners.com
8
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Mandriva Linux Security Update Advisory

Package name: masqmail
Advisory ID: MDKSA-2005:168
Date: September 20th, 2005

Affected versions: Multi Network Firewall 2.0

Problem Description:

Jens Steube discovered two vulnerabilities in masqmail:

When sending failed mail messages, the address was not properly
sanitized which could allow a local attacker to execute arbitrary
commands as the mail user (CAN-2005-2662).

When opening the log file, masqmail did not relinquish privileges,
which could allow a local attacker to overwrite arbitrary files via a
symlink attack (CAN-2005-2663).

The updated packages have been patched to address these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2663

Updated Packages:

Multi Network Firewall 2.0:
368d7259f0d1663f24ab0d96ef316520 mnf/2.0/RPMS/masqmail-0.2.18-3.1.M20mdk.i586.rpm
53c6095a108ea52147909091b262517f mnf/2.0/SRPMS/masqmail-0.2.18-3.1.M20mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMMmGmqjQ0CJFipgRApDXAJwIW99lzHviDg5Obc+gI6a0Me8vCACfUojK
iLPXki02usAIVZJBAVGsJgM=
=4ieO
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Related

debian 2
nessus 1
osv 1
openvas 2
debiancve 2
cve 2
ubuntucve 2
debian
debian
[SECURITY] [DSA 848-1] New masqmail packages fix several vulnerabilities
2005-10-08 08:08:55
[SECURITY] [DSA 848-1] New masqmail packages fix several vulnerabilities
2005-10-08 08:08:55
nessus
nessus
Debian DSA-848-1 : masqmail - several vulnerabilities
2005-10-11 00:00:00
osv
osv
masqmail - several
2005-10-08 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-848-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 848-1 (masqmail)
2008-01-17 00:00:00
debiancve
debiancve
CVE-2005-2662
2005-09-21 19:03:00
CVE-2005-2663
2005-09-21 19:03:00
cve
cve
CVE-2005-2662
2005-09-21 19:03:00
CVE-2005-2663
2005-09-21 19:03:00
ubuntucve
ubuntucve
CVE-2005-2662
2005-09-21 00:00:00
CVE-2005-2663
2005-09-21 00:00:00
JSON
Related for SECURITYVULNS:DOC:9767
debian2nessus1osv1openvas2debiancve2cve2ubuntucve2