|
|
Subscribe / Log in / New account

perl-MailTools: remote command execution

Package(s):MailTools CVE #(s):CAN-2002-1271
Created:November 5, 2002 Updated:September 19, 2003
Description: The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body.

Note that mail processing programs which use this package can be affected by this vulnerability; in particular, SpamAssassin is vulnerable if you use the -r or -w flags.

Alerts:
Debian DSA-386-1 libmailtools-perl 2003-09-18
Gentoo 200302-01 SpamAssasin 2003-02-02
Mandrake MDKSA-2002:076 perl-MailTools 2002-11-07
Gentoo 200211-001 MailTools 2002-11-06
SuSE SuSE-SA:2002:041 perl-MailTools 2002-11-05
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds