[Full-Disclosure] Re: MDKSA-2002:076 - perl-MailTools update

From: Vincent Danen (vdanenat_private)
Date: Thu Nov 07 2002 - 17:38:23 PST


    On Thursday, November 7, 2002, at 04:22 PM, Mandrake Linux Security  
    Team wrote:
    
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > ________________________________________________________________________
    >
    >                 Mandrake Linux Security Update Advisory
    > ________________________________________________________________________
    >
    > Package name:           perl-MailTools
    > Advisory ID:            MDKSA-2002:076
    > Date:                   November 7th, 2002
    >
    > Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0
    > ________________________________________________________________________
    >
    > Problem Description:
    >
    >  A vulnerability was discovered in Mail::Mailer perl module by the SuSE
    >  security team during an audit.  The vulnerability allows remote
    >  attackers to execute arbitrary commands in certain circumstances due
    >  to the usage of mailx as the default mailer, a program that allows
    >  commands to be embedded in the mail body.
    >
    >  This module is used by some auto-response programs and spam filters
    >  which make use of Mail::Mailer.
    > ________________________________________________________________________
    >
    > References:
    >
    >   http://mail.python.org/pipermail/python-dev/2002-August/027223.html
    >   http://python.org/sf/590294
    
    My apologies.  These aren't the references for this vulnerability;  
    they're for the python vulnerability we're working on.
    
    Sorry for the confusion.
    
    --
    MandrakeSoft Security; http://www.mandrakesecure.net/
    "lynx -source http://linsec.ca/vdanen.asc | gpg --import"
    {FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
    
    
    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
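An added example, not part of the original message or of MailTools: a Perl sketch of how a caller of Mail::Mailer can avoid the condition the advisory describes, by naming a transport explicitly instead of relying on the module default and by neutralizing body lines that begin with `~`, the default mailx escape character. The helper names, addresses, the `SEND_MAIL` switch and the sample body are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of MailTools): return the 1-based numbers of
# body lines that start with "~", so the caller can log them.
sub find_tilde_lines {
    my ($body) = @_;
    my (@hits, $n);
    for my $line (split /\n/, $body) {
        $n++;
        push @hits, $n if $line =~ /^~/;
    }
    return @hits;
}

# Hypothetical helper: prefix a space to every line starting with "~" so a
# mailx-style reader no longer sees the escape character in column one.
sub neutralize_tilde_lines {
    my ($body) = @_;
    $body =~ s/^~/ ~/mg;
    return $body;
}

# Constructed sample: text an auto-responder might quote back from an
# untrusted incoming message.
my $untrusted = "Thanks for your mail.\n~constructed-escape-line\nRegards\n";

my @hits = find_tilde_lines($untrusted);
warn "neutralizing tilde lines: @hits\n" if @hits;
my $safe = neutralize_tilde_lines($untrusted);

if ($ENV{SEND_MAIL}) {
    # Only load and use the module when sending is explicitly requested,
    # so the script also runs offline.
    require Mail::Mailer;
    # Name the transport; sendmail does not interpret the message body.
    my $mailer = Mail::Mailer->new('sendmail');
    $mailer->open({
        From    => 'responder@example.org',   # constructed address
        To      => 'user@example.org',        # constructed address
        Subject => 'Auto-reply',
    });
    print $mailer $safe;
    $mailer->close;
} else {
    print $safe;
}
```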