Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

2008-12-03 Raphael Geissert
retitle 506353 CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack thanks On Wednesday 03 December 2008, Simon Walter wrote: > > Hello, Hello, [...] > > I have put Julian Field (upstream author) in CC to inform him about > all this. (@Julian: t

Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

2008-12-03 Simon Walter
package mailscanner tags 506353 help upstream confirmed thanks Hello, Mark Purcell <[EMAIL PROTECTED]> writes: > On Friday 21 November 2008 08:24:46 Raphael Geissert wrote: >> I'm using severity grave as this package should definitely not be shipped >> in any release as is. > > Simon, > > This R

Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

2008-12-03 Mark Purcell
On Friday 21 November 2008 08:24:46 Raphael Geissert wrote: > I'm using severity grave as this package should definitely not be shipped > in any release as is. Simon, This RC bug was reported almost two weeks ago without any comment from you. Are you in a position to investigate and propose a wa

Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

2008-11-20 Raphael Geissert
Package: mailscanner Version: 4.55.10-3 Severity: grave Tags: security Hi, I have found more issues on the autoupdate scripts and other files shipped by mailscanner than those reported in CVE-2008-5140[1]. In 4.55.10-3, grepping the files throws this: /etc/MailScanner/autoupdate/: > f-prot-autou