From: Daniel Ahlberg <aliz@gentoo.org>
To: gentoo-announce@gentoo.org
Subject: [gentoo-announce] GLSA: MailTools
Date: Wed, 6 Nov 2002 15:47:56 +0100 [thread overview]
Message-ID: <20021106144756.31EEC33762@mail1.tamperd.net> (raw)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1495 bytes --]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-001
- - --------------------------------------------------------------------
PACKAGE : MailTools
SUMMARY : remote command execution
DATE : 2002-11-06 14:11 UTC
EXPLOIT : remote
- - --------------------------------------------------------------------
The SuSE Security Team reviewed critical Perl modules, including the
Mail::Mailer package. This package contains a security hole which allows
remote attackers to execute arbitrary commands in certain circumstances.
This is due to the usage of mailx as default mailer which allows commands
to be embedded in the mail body.
Vulnerable to this attack are custom auto reply programs or spam filters
which use Mail::Mailer directly or indirectly.
SOLUTION
It is recommended that all Gentoo Linux users who are running
dev-perl/MailTools-1.44-r1 and earlier update their systems as follows:
emerge rsync
emerge MailTools
emerge clean
- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9ySubfT7nyhUpoZMRAgIeAJ4zSYKNfFatgEwUaq/6pskWFY333wCeLBvG
9WiQs7LM4yGUDNk0jH/k/Fw=
=ZOPv
-----END PGP SIGNATURE-----
--
gentoo-announce@gentoo.org mailing list
reply other threads:[~2002-11-06 15:13 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021106144756.31EEC33762@mail1.tamperd.net \
--to=aliz@gentoo.org \
--cc=gentoo-announce@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox