On 02/11/2011 03:39 AM, Giles Coochey wrote:
> Under CentOS spamass-milter appears to run as sa-milt.

IIRC, Debian does this too.  However, the -x flag may require running as
root, so it is possible (I have not verified) that it never downgrades
its privileges.

> The Vulnerability is only active if the milter is run with the '-x' 
> expand (for virtusertable / alias expansion) option.

Correct.

> While the project page is inactive, the distribution packages of 
> spamass-milter often contain unofficial patches which expand its 
> features, and wouldn't surprise me if they also fix this
> vulnerability.

They did.  That fix was also supposed to go upstream but accidentally
did not.

> Anyone know whether the CentOS one is vulnerable?
> 
> Name       : spamass-milter
> Arch       : i386
> Version    : 0.3.1
> Release    : 24.rhel5

You are all set.

RHEL release 0.3.1-17 introduced the fix.  0.3.1-19 includes a related
zombie process fix (CVE-2010-1132).  See changelog in:
http://rpmfind.net//linux/RPM/fedora/devel/rawhide/i386/spamass-milter-0.3.1-24.fc15.i686.html#Changelog
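
One way to turn the two release levels named above into a check, as an added example that is not part of the thread: it implements a simplified rpmvercmp (no epoch, tilde or caret handling, which is an assumption) and treats the -x option as a plain argv token of the running milter.

```python
import re

# Fix levels quoted in the thread: release tags of spamass-milter 0.3.1 on RHEL/Fedora.
FIXES = {
    "-x expansion vulnerability": "0.3.1-17",
    "zombie process fix (CVE-2010-1132)": "0.3.1-19",
}

def _segments(s):
    """Split a version string into numeric and alphabetic segments."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no tilde/caret handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:
            return 1 if xd else -1  # a numeric segment sorts after an alphabetic one
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1  # the longer string is the newer one
    return 0

def compare_vr(a, b):
    """Compare two 'version-release' strings (no epoch); version first, then release."""
    av, _, ar = a.partition("-")
    bv, _, br = b.partition("-")
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)

def missing_fixes(installed_vr):
    """Return the names of the fixes that the installed package predates."""
    return [name for name, vr in FIXES.items() if compare_vr(installed_vr, vr) < 0]

def exposure(installed_vr, argv):
    """Classify a running instance from its package version and its command line."""
    missing = missing_fixes(installed_vr)
    if "-x expansion vulnerability" not in missing:
        return "patched"
    if "-x" not in argv:
        return "unpatched but -x not enabled"
    return "vulnerable"

if __name__ == "__main__":
    # Constructed inputs: the CentOS package from the thread, and an older release.
    print(exposure("0.3.1-24.rhel5", ["spamass-milter", "-x"]))  # patched
    print(exposure("0.3.1-16.rhel5", ["spamass-milter", "-x"]))  # vulnerable
```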
