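Vulnerability Details
MailScanner Insecure Temporary File Creation Vulnerability
- CNNVD ID: CNNVD-200812-032
- Severity: Low
- CVE ID: CVE-2008-5312
- Vulnerability type: Link following
- Published: 2008-12-03
- Threat type: Local
- Updated: 2009-03-03
- Vendor: mailscanner
- Vulnerability source: Raphael Geissert
Vulnerability Summary
MailScanner is a program for e-mail virus scanning, protection against attacks, and spam filtering.
mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in /etc/MailScanner/autoupdate/. This vulnerability is different from CVE-2008-5140.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: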
Each affected version listed below is fixed by upgrading to MailScanner MailScanner 4.74.7-2, available from http://www.mailscanner.info/downloads.HTML
- MailScanner MailScanner 4
- MailScanner MailScanner 4.73.4-2
- MailScanner MailScanner 4.0 2-3
- MailScanner MailScanner 4.0 5-2
- MailScanner MailScanner 4.0 3-1
- MailScanner MailScanner 4.0 4-1
- MailScanner MailScanner 4.0 5-1
- MailScanner MailScanner 4.0 5-3
- MailScanner MailScanner 4.0 2-1
- MailScanner MailScanner 4.0 2-2
- MailScanner MailScanner 4.11 -1
- MailScanner MailScanner 4.55.10
- MailScanner MailScanner 4.68.8
- MailScanner MailScanner 4.73.3 -1
References
Source: BID
Name: 32557
Link: http://www.securityfocus.com/bid/32557
Source: MLIST
Name: [oss-security] 20081128 CVE id request/update: mailscanner: many scripts allow local users to overwrite arbitrary files via symlink attacks
Link: http://www.openwall.com/lists/oss-security/2008/11/29/1
Source: CONFIRM
Name: http://www.mailscanner.info/ChangeLog
Link: http://www.mailscanner.info/ChangeLog
Source: SECUNIA
Name: 33117
Link: http://secunia.com/advisories/33117
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353#44
Affected Entities
- Mailscanner Mailscanner:4.71.10-1
- Mailscanner Mailscanner:4.69.9-3
- Mailscanner Mailscanner:4.72.5-1
- Mailscanner Mailscanner:4.73.4-2
- Mailscanner Mailscanner:4.55.10
Patches
None available