Am 11.02.2011 00:54, schrieb Adam Katz: > On 02/10/2011 09:42 AM, Michael Scheidell wrote: >> active exploits going on. >> >> <http://seclists.org/fulldisclosure/2010/Mar/140> >> <http://www.securityfocus.com/bid/38578> >> >> Vulnerable: SpamAssassin Milter Plugin SpamAssassin Milter Plugin 0.3.1 >> >> I don't see anything on bugtraq about a fix. > > The fix (to use popenenv in place of popen) has been noted on the > spamass-milter list. It was released downstream by both Red Hat and > Debian in March 2010: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228 > > I've attached the current diff from Debian (note it includes everything, > including the debian/ subdirectory, rather than just that one issue). > > > ... Why is Amavis here for the ride? They don't use spamass-milter!
as far i know this bug was fixed last year on a standart default postfix this rcpt to: root+:"|touch /tmp/foo" doesnt work anyway -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria