83509 2002-11-06  16:43  /42 rader/ Daniel Ahlberg <aliz@gentoo.org>
Importerad: 2002-11-06  16:43  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <2237>
Ärende: GLSA: MailTools
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-001
- - --------------------------------------------------------------------

PACKAGE : MailTools
SUMMARY : remote command execution
DATE    : 2002-11-06 14:11 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

The SuSE Security Team reviewed critical Perl modules, including the
Mail::Mailer package. This package contains a security hole which
allows remote attackers to execute arbitrary commands in certain
circumstances.  This is due to the usage of mailx as default mailer
which allows commands to be embedded in the mail body.  Vulnerable to
this attack are custom auto reply programs or spam filters which use
Mail::Mailer directly or indirectly.

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-perl/MailTools-1.44-r1 and earlier update their systems as
follows:

emerge rsync
emerge MailTools
emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9ySubfT7nyhUpoZMRAgIeAJ4zSYKNfFatgEwUaq/6pskWFY333wCeLBvG
9WiQs7LM4yGUDNk0jH/k/Fw=
=ZOPv
-----END PGP SIGNATURE-----
(83509) /Daniel Ahlberg <aliz@gentoo.org>/(Ombruten)