spamass-milt-list

Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Rem


From: Dan Nelson
Subject: Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt
Date: Fri, 11 Feb 2011 00:08:26 -0600
User-agent: Mutt/1.5.21 (2010-09-15)

In the last episode (Feb 10), Don Armstrong said:
> On Thu, 10 Feb 2011, Adam Katz wrote:
> > On 02/10/2011 10:21 AM, David F. Skoll wrote:
> > > Aieee.... popen() in security-sensitive software!??!??
> > > 
> > > Also, why does the milter process run as root?  That seems like a huge
> > > hole all by itself.
> > 
> > Does this affect sendmail as well as postfix?
> 
> It only affects you if you're running with -x. This was patched in
> Debian and Redhat in March of 2010.
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228

I thought I committed the patch to CVS, but apparently hadn't.  It's
committed now, and I'll do a release this weekend.

-- 
        Dan Nelson
        address@hidden


