Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt
Thu, 10 Feb 2011 13:44:43 -0800
On Thu, 10 Feb 2011, Adam Katz wrote:
> On 02/10/2011 10:21 AM, David F. Skoll wrote:
> > Aieee.... popen() in security-sensitive software!??!??
> > Also, why does the milter process run as root? That seems like a huge
> > hole all by itself.
> Does this affect sendmail as well as postfix?
It only affects you if you're running with -x. This was patched in
Debian and Red Hat in March of 2010.
"There's no problem so large it can't be solved by killing the user
off, deleting their files, closing their account and reporting their
REAL earnings to the IRS."
-- The B.O.F.H..