-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200211-001 - - -------------------------------------------------------------------- PACKAGE : MailTools SUMMARY : remote command execution DATE : 2002-11-06 14:11 UTC EXPLOIT : remote - - -------------------------------------------------------------------- The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body. Vulnerable to this attack are custom auto reply programs or spam filters which use Mail::Mailer directly or indirectly. SOLUTION It is recommended that all Gentoo Linux users who are running dev-perl/MailTools-1.44-r1 and earlier update their systems as follows: emerge rsync emerge MailTools emerge clean - - -------------------------------------------------------------------- alizat_private - GnuPG key is available at www.gentoo.org/~aliz - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9ySubfT7nyhUpoZMRAgIeAJ4zSYKNfFatgEwUaq/6pskWFY333wCeLBvG 9WiQs7LM4yGUDNk0jH/k/Fw= =ZOPv -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 07:43:20 PST