Vulnerability details
MailScanner insecure temporary file creation vulnerability
- CNNVD ID: CNNVD-200812-033
- Severity: Low
- CVE ID: CVE-2008-5313
- Vulnerability type: Link following
- Published: 2008-12-03
- Threat type: Local
- Updated: 2009-03-03
- Vendor: mailscanner
- Source: Raphael Geissert
Vulnerability summary
MailScanner is an email virus scanning, anti-hacking and spam filtering program.
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file.
Vulnerability advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links:
MailScanner MailScanner 4
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.73.4-2
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.0 2-3
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.0 5-2
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.0 3-1
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.0 4-1
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.0 5-1
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.0 5-3
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.0 2-1
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.0 2-2
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.11 -1
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.55.10
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.68.8
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
MailScanner MailScanner 4.73.3 -1
MailScanner MailScanner 4.74.7-2
http://www.mailscanner.info/downloads.HTML
References
Source: BID
Name: 32557
Link: http://www.securityfocus.com/bid/32557
Source: MLIST
Name: [oss-security] 20081128 CVE id request/update: mailscanner: many scripts allow local users to overwrite arbitrary files via symlink attacks
Link: http://www.openwall.com/lists/oss-security/2008/11/29/1
Source: www.mailscanner.info
Link: http://www.mailscanner.info/ChangeLog
Source: SECUNIA
Name: 33117
Link: http://secunia.com/advisories/33117
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353#44
Affected entities
- Mailscanner Mailscanner:4.70.7-1
- Mailscanner Mailscanner:4.69.9-3
- Mailscanner Mailscanner:4.68.8-1
- Mailscanner Mailscanner:4.68.8
- Mailscanner Mailscanner:4.71.10-1
Patch
None available