On 10/02/2011 19:21, David F. Skoll wrote:
On Thu, 10 Feb 2011 12:42:40 -0500
Michael Scheidell<michael.scheid...@secnap.com>  wrote:

heads up:
Aieee.... popen() in security-sensitive software!??!??

Also, why does the milter process run as root?  That seems like a huge
hole all by itself.

Under CentOS spamass-milter appears to run as sa-milt.

The Vulnerability is only active if the milter is run with the '-x' expand (for virtusertable / alias expansion) option.

While the project page is inactive, the distribution packages of spamass-milter often contain unofficial patches which expand its features, and wouldn't surprise me if they also fix this vulnerability.

I believe Dan Nelson was the maintainer of the package, not sure if it is the same Dan Nelson that is often present on the MySQL lists.

Anyone know whether the CentOS one is vulnerable?

Name       : spamass-milter
Arch       : i386
Version    : 0.3.1
Release    : 24.rhel5

--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to