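Vulnerability Details

MailScanner Insecure Temporary File Creation Vulnerability

Vulnerability Summary

MailScanner is an e-mail virus scanning, anti-hacking and spam filtering program.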

mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file.

Vulnerability Advisory

The vendor has released an upgrade patch to fix this security issue. Patch download link:

MailScanner MailScanner 4

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.73.4-2

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.0 2-3

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.0 5-2

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.0 3-1

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.0 4-1

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.0 5-1

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.0 5-3

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.0 2-1

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.0 2-2

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.11 -1

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.55.10

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.68.8

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

MailScanner MailScanner 4.73.3 -1

MailScanner MailScanner 4.74.7-2

http://www.mailscanner.info/downloads.html

References

Source: BID

Name: 32557

Link: http://www.securityfocus.com/bid/32557

Source: MLIST

Name: [oss-security] 20081128 CVE id request/update: mailscanner: many scripts allow local users to overwrite arbitrary files via symlink attacks

Link: http://www.openwall.com/lists/oss-security/2008/11/29/1

Source: www.mailscanner.info

Link: http://www.mailscanner.info/ChangeLog

Source: SECUNIA

Name: 33117

Link: http://secunia.com/advisories/33117

Source: bugs.debian.org

Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353#44

Patch

    None available
