Package name
masqmail
Date
2005-09-20
Advisory ID
MDKSA-2005:168
Affected versions
MNF2.0 i586

Problem description

Jens Steube discovered two vulnerabilities in masqmail: When sending failed mail messages, the address was not properly sanitized which could allow a local attacker to execute arbitrary commands as the mail user (CAN-2005-2662). When opening the log file, masqmail did not relinquish privileges, which could allow a local attacker to overwrite arbitrary files via a symlink attack (CAN-2005-2663). The updated packages have been patched to address these issues.

Updated packages

MNF2.0 i586

 368d7259f0d1663f24ab0d96ef316520  mnf/2.0/RPMS/masqmail-0.2.18-3.1.M20mdk.i586.rpm
53c6095a108ea52147909091b262517f  mnf/2.0/SRPMS/masqmail-0.2.18-3.1.M20mdk.src.rpm

References