On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security Team wrote:
-----BEGIN PGP SIGNED MESSAGE-----
My apologies. These aren't the references for this vulnerability; they're for the python vulnerability we're working on.
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: perl-MailTools
Advisory ID: MDKSA-2002:076
Date: November 7th, 2002
Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0
________________________________________________________________________
Problem Description:
A vulnerability was discovered in the Mail::Mailer perl module by the SuSE
security team during an audit. The vulnerability allows remote
attackers to execute arbitrary commands in certain circumstances due
to the usage of mailx as the default mailer, a program that allows
commands to be embedded in the mail body.
This module is used by some auto-response programs and spam filters
which make use of Mail::Mailer.
________________________________________________________________________
References:
http://mail.python.org/pipermail/python-dev/2002-August/027223.html
http://python.org/sf/590294
Sorry for the confusion.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}