Package: masqmail
Severity: grave
Tags: security sarge
Justification: user security hole

Mandriva has disclosed two security problems in masqmail:

 Jens Steube discovered two vulnerabilities in masqmail:
 
 When sending failed mail messages, the address was not properly
 sanitized which could allow a local attacker to execute arbitrary
 commands as the mail user (CAN-2005-2662).
 
 When opening the log file, masqmail did not relinquish privileges,
 which could allow a local attacker to overwrite arbitrary files via a
 symlink attack (CAN-2005-2663).

CAN-2005-2662 seems to be quite serious.

