Package: milter-greylist Version: 3.0-3+b1 Severity: serious Tags: security
Hello Cord, milter-greylist includes a binary /usr/sbin/milter-greylist with a rpath pointing to yes/lib. chrpath /usr/sbin/milter-greylist /usr/sbin/milter-greylist: RPATH=yes/lib This allows an attacker with write access to the current working directory where /usr/sbin/milter-greylist is started to create a directory yes/lib and add modified libraries which will be loaded when someone else run milter-greylist. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]