Mailinglist Archive: opensuse-security (145 mails)

< Previous Next >
Re: [suse-security] Cyrus remote vulnerability
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Sun, 28 Nov 2004 11:56:37 +0100
  • Message-id: <20041128105637.GA8697@xxxxxxx>
On Sun, Nov 28, 2004 at 11:54:59AM +0100, Stefano Zanarini wrote:
> what about vulnerabilities reported here :
>
> http://security.e-matters.de/advisories/152004.html
>
> is someone working on an update ?
> even if most of the advisories concern authenticated users (someone with
> a valid account) they can permit remote code execution (with cyrus user
> privileges I think,so an attacker could remove all mailboxes on the
> server for instance).
>
> will patches be available soon ? any news ? the vendor has yet corrected
> the bug.

Yes, we are working on this bug.

Current estimate for patch availability is upcoming Monday (tomorrow).

Ciao, Marcus
< Previous Next >
Follow Ups
References