Am 11.02.2011 20:11, schrieb Adam Katz:
> On 02/11/2011 03:39 AM, Giles Coochey wrote:
>> Under CentOS spamass-milter appears to run as sa-milt.
> 
> IIRC, Debian does this too.  However, the -x flag may require running as
> root, so it is possible (I have not verified) that it never downgrades
> its privileges.
> 
>> The Vulnerability is only active if the milter is run with the '-x' 
>> expand (for virtusertable / alias expansion) option.
> 
> Correct.
> 
>> While the project page is inactive, the distribution packages of 
>> spamass-milter often contain unofficial patches which expand its 
>> features, and wouldn't surprise me if they also fix this
>> vulnerability.
> 
> They did.  That fix was also supposed to go upstream but accidentally
> did not.
> 
>> Anyone know whether the CentOS one is vulnerable?
>>
>> Name       : spamass-milter
>> Arch       : i386
>> Version    : 0.3.1
>> Release    : 24.rhel5
> 
> You are all set.
> 
> RHEL release 0.3.1-17 introduced the fix.  0.3.1-19 includes a related
> zombie process fix (CVE-2010-1132).  See changelog in:
> http://rpmfind.net//linux/RPM/fedora/devel/rawhide/i386/spamass-milter-0.3.1-24.fc15.i686.html#Changelog
> 

whatever fixed in ubuntu lucid since last year

+spamass-milter (0.3.1-10) unstable; urgency=low
+
+  * Fix zombies which were happening with -x. (closes: #575019)
+
+ -- Don Armstrong <d...@debian.org>  Mon, 22 Mar 2010 14:39:12 -0700
+
+spamass-milter (0.3.1-9) unstable; urgency=high
+
+  * Call restorecon on the socket and pidfile directories to make SELinux
+    happy (thanks to Russell Coker) (closes: #518552)
+  * Document how to make inet:9999@127.0.0.1 work (closes: #519245)
+  * Document that using the -x option requires being in the smmsp group
+    (closes: #515158)
+  * Deal with inet:999 sockets (closes: #514749)
+    - handle them more sanely in the init script
+    - document how to deal with them in README.Debian and
+      /etc/spamass-milter/default
+  * Use new popenenv function instead of open; fixes remote code exploit
+    as the spamass-milter user when run using -x. (closes: #573228)
+
+ -- Don Armstrong <d...@debian.org>  Wed, 11 Mar 2009 03:59:39 -0700
+


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Reply via email to