what about vulnerabilities reported here : http://security.e-matters.de/advisories/152004.html is someone working on an update ? even if most of the advisories concern authenticated users (someone with a valid account) they can permit remote code execution (with cyrus user privileges I think,so an attacker could remove all mailboxes on the server for instance). will patches be available soon ? any news ? the vendor has yet corrected the bug. regards -- YACME S.r.l. Via del Mobiliere, 9 40138 Bologna Phone: +39 051 538709 Fax: +39 051 532399
On Sun, Nov 28, 2004 at 11:54:59AM +0100, Stefano Zanarini wrote:
what about vulnerabilities reported here :
http://security.e-matters.de/advisories/152004.html
is someone working on an update ? even if most of the advisories concern authenticated users (someone with a valid account) they can permit remote code execution (with cyrus user privileges I think,so an attacker could remove all mailboxes on the server for instance).
will patches be available soon ? any news ? the vendor has yet corrected the bug.
Yes, we are working on this bug. Current estimate for patch availability is upcoming Monday (tomorrow). Ciao, Marcus
Il giorno dom, 28-11-2004 alle 11:56 +0100, Marcus Meissner ha scritto:
will patches be available soon ? any news ? the vendor has yet corrected the bug.
Yes, we are working on this bug.
Current estimate for patch availability is upcoming Monday (tomorrow).
great news :-) thanks for the quick answer. -- YACME S.r.l. Via del Mobiliere, 9 40138 Bologna Phone: +39 051 538709 Fax: +39 051 532399
participants (2)
-
Marcus Meissner
-
Stefano Zanarini