oss-sec mailing list archives

CVE id request/update: mailscanner: many scripts allow local users to overwrite arbitrary files via symlink attacks

From: Raphael Geissert <atomo64+debian () gmail com>
Date: Fri, 28 Nov 2008 17:20:54 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

A week ago I reported some more issues in mailscanner other than those mentioned
in CVE-2008-5140 at [1], but it looks like the mail copy sent to bugtraq was
never really delivered or got rejected.

Could the current CVE id be updated or a new one assigned please?

Thanks in advance.

[1] http://bugs.debian.org/506353

Regards,
- -- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkwfNYACgkQYy49rUbZzlpLBwCfVo+ghoxKPzjYI7OCcdDhxrBt
MHUAn1wyGHJR28rpa+TXeWIqIy2HTpdN
=jcCS
-----END PGP SIGNATURE-----

Current thread:

CVE id request/update: mailscanner: many scripts allow local users to overwrite arbitrary files via symlink attacks Raphael Geissert (Nov 29)
- Re: CVE id request/update: mailscanner: many scripts allow local users to overwrite arbitrary files via symlink attacks Steven M. Christey (Dec 03)