Héctor García Álvarez wrote: > El vie, 25-03-2005 a las 21:54 +0100, Moritz Muehlenhoff escribió: > > Package: smail > > Severity: grave > > Tags: security patch > > Justification: user security hole > > > > [Dear security-team, this should affect Woody as well] > > > > Sean <[EMAIL PROTECTED] has discovered two vulnerabilities in smail, > > that can be exploited to obtain root privileges: > > > > 1. A heap overflow in RFC 821 header parsing permits remote attackers that > > are able to connect to an SMTP server remote code execution with root > > privileges. > > 2. Insecure signal handling may be exploitable to obtain extended privileges > > for local users as well. > > > > For full details see > > http://www.securityfocus.com/archive/1/394286/2005-03-22/2005-03-28/0 > > > > It contains a fix for the heap overflow, which I attach to this report.
You did notice that the author claims the problems not to be exploitable, right? Should be fixed anyway, but without further investigation it may not require a CVE id or a DSA. Regards, Joey -- Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. Please always Cc to me when replying to me on the lists.