[Secure-testing-team] Bug#573228: Arbitrary command execution (report from full-disclosure)
Moritz Muehlenhoff
jmm at debian.org
Tue Mar 9 21:50:56 UTC 2010
Package: spamass-milter
Severity: grave
Tags: security
Hi Don,
The following report was posted to full-disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073489.html
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages spamass-milter depends on:
ii adduser 3.112 add and remove users and groups
ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.3-3 GCC support library
pn libmilter1.0.1 <none> (no description available)
ii libstdc++6 4.4.3-3 The GNU Standard C++ Library v3
pn spamc <none> (no description available)
Versions of packages spamass-milter recommends:
pn sendmail | postfix <none> (no description available)
ii spamassassin 3.3.0-2 Perl-based spam filter using text
spamass-milter suggests no packages.
More information about the Secure-testing-team
mailing list