In case anyone wants to know, procmail 3.20 is out and the authors are recommending that previous versions be upgraded for potentially exploitable security issues. This problem exists if procmail is setuid or setgid on your system.
The issues at hand are that procmail could be forced to crash in a way that could be exploited to provide access to a system. Whether this has actually been done is another story.

--
S.Toms - smotrs@mindspring.com - www.mindspring.com/~smotrs
SuSE Linux v7.0+ - Kernel 2.2.18
Garbage In -- Gospel Out.

On Friday 29 June 2001 20:16, S.Toms babbled:
> In case anyone wants to know, procmail 3.20 is out and the authors are recommending that previous versions be upgraded for potentially exploitable security issues. This problem exists if procmail is setuid or setgid on your system.
> The issues at hand are that procmail could be forced to crash in a way that could be exploited to provide access to a system. Whether this has actually been done is another story.

actually, 3.21 is out and has fixes for 3.20.. so keep upgrading

--
Douglas J. Hunley (doug@hunley.homeip.net) - Linux User #174778
Admin: http://hunley.homeip.net/
Admin: http://linux.nf/
Brainbench Linux Administration Certified
~~ Now offering Linux admin services for the home user ~~

"I don't need any of that SQL stuff -- I just want a database!"

On Mon, 2 Jul 2001, Douglas J. Hunley wrote:

dh> On Friday 29 June 2001 20:16, S.Toms babbled:
dh> > In case anyone wants to know, procmail 3.20 is out and the authors are
dh> > recommending that previous versions be upgraded for potentially
dh> > exploitable security issues. This problem exists if procmail is setuid or
dh> > setgid on your system.
dh> > The issues at hand are that procmail could be forced to crash in a way
dh> > that could be exploited to provide access to a system. Whether this has
dh> > actually been done is another story.
dh>
dh> actually, 3.21 is out and has fixes for 3.20.. so keep upgrading

Yeah, the day after I sent that in, Philip posted 3.21 which fixes portability problems with INCLUDERC. You won't be able to get 3.20 unless you visit the archive section now. :)

--
S.Toms - smotrs@mindspring.com - www.mindspring.com/~smotrs
SuSE Linux v7.0+ - Kernel 2.2.18
"Whom are you?" said he, for he had been to night school.
    -- George Ade
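
The first message in this thread ties the exposure to two conditions: procmail being setuid or setgid, and the version predating 3.20. The script below is an added example, not part of any message in the thread; the function names are hypothetical, and the version string is assumed to be supplied by the caller (for instance read from `procmail -v` or the package manager).

```shell
#!/bin/sh
# Added example: check a procmail binary against the two conditions named in
# the thread (setuid/setgid bit present, version older than 3.20).

# Print which privilege bits are set on a file: setuid, setgid, setuid+setgid or none.
priv_bits() {
    bits=""
    [ -u "$1" ] && bits="setuid"
    [ -g "$1" ] && bits="${bits:+$bits+}setgid"
    echo "${bits:-none}"
}

# Succeed if version $1 (for example 3.15.2) is older than 3.20.
older_than_3_20() {
    major=${1%%.*}
    case $1 in
        *.*) rest=${1#*.} ;;
        *)   rest=0 ;;              # no minor component given
    esac
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}         # drop suffixes such as "pre7"
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "${minor:-0}" -lt 20 ]; }
}

# assess PATH VERSION: prints "missing", "upgrade: ..." or "ok: ..."
assess() {
    [ -e "$1" ] || { echo "missing"; return; }
    bits=$(priv_bits "$1")
    if [ "$bits" != "none" ] && older_than_3_20 "$2"; then
        echo "upgrade: $1 is $bits and version $2 predates 3.20"
    else
        echo "ok: $1 bits=$bits version=$2"
    fi
}

# Stand-alone use: sh check.sh /usr/bin/procmail 3.15.2
if [ $# -eq 2 ]; then
    assess "$1" "$2"
fi
```
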