Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt

David F. Skoll Thu, 10 Feb 2011 10:22:05 -0800

On Thu, 10 Feb 2011 12:42:40 -0500
Michael Scheidell <michael.scheid...@secnap.com> wrote:


> heads up:

Aieee.... popen() in security-sensitive software!??!??

Also, why does the milter process run as root?  That seems like a huge
hole all by itself.

Regards,

David.

Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt

Reply via email to