Package: mailscanner Version: 4.79.11-2 Severity: grave Tags: security Hi,
CVE-2008-5313 mentions multiple vulnerable scripts in mailscanner, some of which were fixed. However, some of the scripts were not completely fixed, like the following: /etc/MailScanner/autoupdate/clamav-autoupdate: > $LogFile = "/tmp/ClamAV.update.log"; ... > unlink $LogFile; > $Command = "$ClamUpdateCommand --quiet -l $LogFile"; Which is still vulnerable due to a race condition. Grepping the sources reveals the following (excluding the ones that use mkdir, since those are more or less fine because mkdir is atomic:) /etc/MailScanner/wrapper/bitdefender-wrapper:LogFile=/tmp/log.bdc.$$ /etc/MailScanner/wrapper/kaspersky-wrapper: Report=/tmp/kavoutput.tmp.$$ /etc/MailScanner/autoupdate/clamav-autoupdate:$LogFile = "/tmp/ClamAV.update.log"; /etc/MailScanner/autoupdate/f-prot-6-autoupdate:my $logfile = "/tmp/f-prot-6- update-$$"; /etc/MailScanner/autoupdate/f-prot-6-autoupdate: unlink "/tmp/fpavdef.lock"; Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
