mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
Is TEMP-000-477739 same as CVE-2010-3095?

"""
Index: data/CVE/list === --- data/CVE/list (revision 15492) +++ data/CVE/list (revision 15493) @@ -2354,7 +2354,7 @@ NOT-FOR-US: SoftX FTP Client 3.3 CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313] RESERVED - - mailscanner (bug #596403) + - mailscanner 4.79.11-2.1 (bug #596403) CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...) {DSA-2113-1} - drupal6 6.18-1 (low; bug #592716)
"""

Links:
http://security-tracker.debian.org/tracker/TEMP-000-477739
http://security-tracker.debian.org/tracker/CVE-2008-5313
http://security-tracker.debian.org/tracker/CVE-2010-3095
http://www.mail-archive.com/debian-security-tracker@lists.debian.org/msg01016.html

By the way:

"""
[Date: Sun, 27 Feb 2011 10:33:42 +] [ftpmaster: Alexander Reichle-Schmehl]
Removed the following packages from unstable:

mailscanner | 4.79.11-2.2 | source, all
Closed bugs: 531317

--- Reason ---
RoQA; orphaned
--
Also closing bug(s): 303929 313145 353266 408161 410647 490948 506148 577916 583527 595945 596396 596397 596398 596399 596400 596510 596512 596514 597611 598726 605869 607226 607747 608337
Also closing WNPP bug(s):
"""

Best regards,
Henri Salo

--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110804123941.ga27...@foo.fgeek.fi
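Review bot: the changed line "- mailscanner 4.79.11-2.1 (bug #596403)" under CVE-2010-3095 records a fixed version, but the entry carries no cross-reference to the lock/pid file symlink issue tracked under the TEMP id. Its only description is the bracketed "mailscanner incomplete fix for CVE-2008-5313", and the next line is already CVE-2010-3094, so a reader of data/CVE/list cannot tell from this entry whether bug #596403 covers the PID/lock file location or only other temporary files. If the two are the same issue, a NOTE line under the mailscanner line saying so would document it; if they are not, the fixed version added here should not be read as closing the TEMP entry.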
Re: mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
On Fri, Feb 25, 2011 at 05:54:42AM +0200, he...@nerv.fi wrote:
> I think a CVE ID for mailscanner issue "lock/pid file location symlink
> attack" is CVE-2008-5313.
>
> References:
> 1: http://security-tracker.debian.org/tracker/TEMP-000-477739
> 2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5313
> 3: http://security-tracker.debian.org/tracker/CVE-2010-3095
> 4: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596403

I'm not sure, there's three years time gap between and the description only mentions other temporary files than the PID file?

Cheers,
Moritz

Archive: http://lists.debian.org/20110225095306.ga26...@inutil.org
mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
I think a CVE ID for mailscanner issue "lock/pid file location symlink attack" is CVE-2008-5313.

References:
1: http://security-tracker.debian.org/tracker/TEMP-000-477739
2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5313
3: http://security-tracker.debian.org/tracker/CVE-2010-3095
4: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596403

Best regards,
Henri Salo

Archive: http://lists.debian.org/20110225035442.ga8...@nashi.nerv.fi