On 10/02/2011 19:21, David F. Skoll wrote:
On Thu, 10 Feb 2011 12:42:40 -0500 Michael Scheidell<michael.scheid...@secnap.com> wrote:heads up:Aieee.... popen() in security-sensitive software!??!?? Also, why does the milter process run as root? That seems like a huge hole all by itself.
Under CentOS spamass-milter appears to run as sa-milt.The Vulnerability is only active if the milter is run with the '-x' expand (for virtusertable / alias expansion) option.
While the project page is inactive, the distribution packages of spamass-milter often contain unofficial patches which expand its features, and wouldn't surprise me if they also fix this vulnerability.
I believe Dan Nelson was the maintainer of the package, not sure if it is the same Dan Nelson that is often present on the MySQL lists.
Anyone know whether the CentOS one is vulnerable? Name : spamass-milter Arch : i386 Version : 0.3.1 Release : 24.rhel5 -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: gi...@coochey.net Skype: gilescoochey
smime.p7s
Description: S/MIME Cryptographic Signature
