mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739

2011-08-04 Thread Henri Salo
Is TEMP-000-477739 the same as CVE-2010-3095?

"""
Index: data/CVE/list
===
--- data/CVE/list   (revision 15492)
+++ data/CVE/list   (revision 15493)
@@ -2354,7 +2354,7 @@
NOT-FOR-US: SoftX FTP Client 3.3
 CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313]
RESERVED
-   - mailscanner  (bug #596403)
+   - mailscanner 4.79.11-2.1 (bug #596403)
 CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 
6.x ...)
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
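Review bot: The changed line "- mailscanner 4.79.11-2.1 (bug #596403)" records a fixed version, but nothing in the entry says which upload or changelog entry justifies it, and the only description is the bracketed "incomplete fix for CVE-2008-5313". Consider adding a NOTE: line under the entry that cites the source for 4.79.11-2.1 and states whether the lock/pid file symlink issue tracked as a TEMP entry is covered by this CVE. Without that, the two tracker entries stay unlinked. The drupal6 line below carries a severity ("low;"), so an urgency on the mailscanner line would also keep the entries consistent.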
"""

Links:
http://security-tracker.debian.org/tracker/TEMP-000-477739
http://security-tracker.debian.org/tracker/CVE-2008-5313
http://security-tracker.debian.org/tracker/CVE-2010-3095
http://www.mail-archive.com/debian-security-tracker@lists.debian.org/msg01016.html

By the way:

"""
[Date: Sun, 27 Feb 2011 10:33:42 +] [ftpmaster: Alexander Reichle-Schmehl]
Removed the following packages from unstable:

mailscanner | 4.79.11-2.2 | source, all
Closed bugs: 531317

--- Reason ---
RoQA; orphaned
--
Also closing bug(s): 303929 313145 353266 408161 410647 490948 506148 577916 
583527 595945 596396 596397 596398 596399 596400 596510 596512 596514 597611 
598726 605869 607226 607747 608337
Also closing WNPP bug(s):
"""

Best regards,
Henri Salo


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110804123941.ga27...@foo.fgeek.fi



Re: mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739

2011-02-25 Thread Moritz Muehlenhoff
On Fri, Feb 25, 2011 at 05:54:42AM +0200, he...@nerv.fi wrote:
> I think a CVE ID for mailscanner issue "lock/pid file location symlink 
> attack" is CVE-2008-5313.
> 
> References:
> 1: http://security-tracker.debian.org/tracker/TEMP-000-477739
> 2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5313
> 3: http://security-tracker.debian.org/tracker/CVE-2010-3095
> 4: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596403

I'm not sure, there's a three-year time gap in between and the description
only mentions temporary files other than the PID file?

Cheers,
Moritz


-- 
Archive: http://lists.debian.org/20110225095306.ga26...@inutil.org



mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739

2011-02-24 Thread henri
I think a CVE ID for mailscanner issue "lock/pid file location symlink attack" 
is CVE-2008-5313.

References:
1: http://security-tracker.debian.org/tracker/TEMP-000-477739
2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5313
3: http://security-tracker.debian.org/tracker/CVE-2010-3095
4: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596403

Best regards,
Henri Salo


-- 
Archive: http://lists.debian.org/20110225035442.ga8...@nashi.nerv.fi