Package(s):	masqmail	CVE #(s):	CAN-2005-2662 CAN-2005-2663
Created:	September 21, 2005	Updated:	October 10, 2005
Description:	Masqmail fails to properly sanitize addresses when sending failed mail, allowing a local attacker to run arbitrary commands as the mail user. There is also a symlink vulnerability which can be exploited to overwrite files.
Alerts:	Debian DSA-848-1 masqmail 2005-10-08 Mandriva MDKSA-2005:168 masqmail 2005-09-20

---

to post comments