On 02/11/2011 03:39 AM, Giles Coochey wrote: > Under CentOS spamass-milter appears to run as sa-milt.
IIRC, Debian does this too. However, the -x flag may require running as root, so it is possible (I have not verified) that it never downgrades its privileges. > The Vulnerability is only active if the milter is run with the '-x' > expand (for virtusertable / alias expansion) option. Correct. > While the project page is inactive, the distribution packages of > spamass-milter often contain unofficial patches which expand its > features, and wouldn't surprise me if they also fix this > vulnerability. They did. That fix was also supposed to go upstream but accidentally did not. > Anyone know whether the CentOS one is vulnerable? > > Name : spamass-milter > Arch : i386 > Version : 0.3.1 > Release : 24.rhel5 You are all set. RHEL release 0.3.1-17 introduced the fix. 0.3.1-19 includes a related zombie process fix (CVE-2010-1132). See changelog in: http://rpmfind.net//linux/RPM/fedora/devel/rawhide/i386/spamass-milter-0.3.1-24.fc15.i686.html#Changelog
signature.asc
Description: OpenPGP digital signature