store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Fri May 24, 2013 6:33 am

View unanswered posts | View active topics


Board index » Customer Support Forums » Security Alerts

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]



Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 2 posts ] 
  Print view Previous topic | First unread post | Next topic 
Author Message
BruceLee
 Post subject: Spamassassin/Postifx Milter Plugin Remote Root Attack
Unread postPosted: Wed Mar 17, 2010 12:50 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Mar 28, 2009 6:58 pm
Posts: 802
Location: Germany
Just read about a security leak about spamassassin/postfix/milter.
If the filter does run with Expand-Option -x and with root rights, a special prepared mail can be used to execute code.


SOURCES + INFOS:
http://isc.sans.org/diary.html?storyid=8434
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
http://savannah.nongnu.org/bugs/index.php?29136
Top
 Profile  
 
mikeshinn
 Post subject: Re: Spamassassin/Postifx Milter Plugin Remote Root Attack
Unread postPosted: Wed Mar 17, 2010 1:11 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3245
Location: Chantilly, VA
As an aside, we dont use milters in our qmail-scanner, so if you use ours you are safe.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 2 posts ] 

Board index » Customer Support Forums » Security Alerts

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group