[Secure-testing-team] Some severity readjustments
Moritz Muehlenhoff
jmm at inutil.org
Tue Jun 21 21:28:07 UTC 2005
Hi,

I've just had a look over the outstanding issues and their severities.
I guess some need to be adjusted:

Bump to medium:

ilohamail - Allows execution of web code through crafted mail
openmotif (both) - Allows execution of code through crafted XPMs
spamassassin - spammers are known to actively monitor spamassassin's development,
    so it's not unlikely that this gets exploited by real world spam
squirrelmail - potential account hijacking through reading crafted mail
tcpdump - being able to knock down network monitoring software is bad

Lower to low:

lynx - This is just a browser DoS and really obscure
mozilla-thunderbird - only in debug mode; not typically run with extended privs
mutt - You can have the same effect by filling up /tmp, which will screw
    lots of apps

If no one objects, I'll commit that tomorrow evening.

Cheers,
Moritz