Date: Wed, 3 Dec 2008 11:56:00 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re:  CVE id request/update: mailscanner: many scripts
 allow local users to overwrite arbitrary files via symlink attacks


Different CVEs because different versions were reported affected.

======================================================
Name: CVE-2008-5312
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5312
Reference: MLIST:[oss-security] 20081128 CVE id request/update: mailscanner: many scripts allow local users to overwrite arbitrary files via symlink attacks
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/29/1
Reference: MISC:http://bugs.debian.org/506353

mailscanner 4.55.10 might allow local users to overwrite arbitrary
files via a symlink attack on certain temporary files used by the (1)
f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new,
(4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in
/etc/MailScanner/autoupdate/, a different vulnerability than
CVE-2008-5140.


======================================================
Name: CVE-2008-5313
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
Reference: MLIST:[oss-security] 20081128 CVE id request/update: mailscanner: many scripts allow local users to overwrite arbitrary files via symlink attacks
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/29/1
Reference: MISC:http://bugs.debian.org/506353

mailscanner 4.68.8 might allow local users to overwrite arbitrary
files via a symlink attack on certain temporary files used by the (1)
f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and
(4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the
(5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper,
and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9)
Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm,
and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14)
/usr/sbin/MailScanner; and (15) scripts that load the
/etc/MailScanner/mailscanner.conf.with.mcp configuration file.

