NI3
11-03-2003, 06:25 PM
hi barobach:
-----------
TITLE:
dbmail "From:" Address Arbitrary Command Insertion Vulnerability
SECUNIA ADVISORY ID:
SA10111
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
dbmail 1.x
DESCRIPTION:
A vulnerability has been reported in dbmail, which potentially can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an input validation error when
generating auto-replies. This can be exploited by sending a malicious
email with a specially crafted "From:" field to a user.
Successful exploitation may allow execution of arbitrary commands on
the user's system.
SOLUTION:
Update to version 1.2.1:
ORIGINAL ADVISORY:
dbmail release notes:
-----------------------------------------------------
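An added example, not part of the advisory or dbmail's own code: one defensive pattern for this bug class, assuming the auto-reply sender address is handed to a local sendmail-style program (the advisory does not say how dbmail invokes it). The function names, the allow-list and the argv layout are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Conservative allow-list for a reply address (stricter than RFC 2822):
 * local@domain, no quoting, no whitespace, no shell metacharacters.
 * Returns 1 if acceptable, 0 otherwise. */
int reply_address_ok(const char *addr)
{
    const char *at, *p;
    size_t len;

    if (addr == NULL)
        return 0;
    len = strlen(addr);
    if (len < 3 || len > 254 || addr[0] == '-')   /* leading '-' reads as an option */
        return 0;
    at = strchr(addr, '@');
    if (at == NULL || at == addr || at[1] == '\0' || strchr(at + 1, '@'))
        return 0;
    for (p = addr; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (p == at || isalnum(c) || c == '.' || c == '-')
            continue;
        if (p < at && (c == '_' || c == '+'))      /* extras allowed in local part only */
            continue;
        return 0;
    }
    return 1;
}

/* Fills argv for execv() so no shell ever parses the address.
 * "-i" and "--" assume a sendmail-compatible, getopt-style mailer.
 * Returns 0 on success, -1 if the address is rejected. */
int build_reply_argv(const char *mailer, const char *addr, const char *argv[5])
{
    if (!reply_address_ok(addr))
        return -1;
    argv[0] = mailer; argv[1] = "-i"; argv[2] = "--";
    argv[3] = addr;   argv[4] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "user@example.org", "user@example.org;x", "-t@example.org" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s %s\n", samples[i], reply_address_ok(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Rejected addresses should cause the auto-reply to be skipped and logged rather than rewritten, since a sanitised address no longer identifies the sender.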
