LQ weekly security rep - Mon Apr 14th 2003
Apr 14th 2003
17 of 26 issues handled (SF)
2. Multiple Vendor I/O System Call File Existence Weakness
3. Buffalo WBRG54 Wireless Broadband Router Denial Of Service Vulnerability
7. PHPSysInfo Index.PHP LNG File Disclosure Vulnerability
8. Abyss Web Server Incomplete HTTP Request Denial Of Service Vulnerability
9. CVSps Unfiltered Escape Sequence Vulnerability
11. Invision Board functions.php SQL Injection Vulnerability
12. Interbase External Table File Verification Vulnerability
13. SETI@home Client Program Remote Buffer Overflow Vulnerability
14. SETI@home Client Program Information Disclosure Vulnerability
15. Metrics Insecure Local File Creation Vulnerability
16. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability
17. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities
18. Vignette StoryServer Sensitive Stack Memory Information Disclosure
19. JPEGX Wizard Password Bypass Vulnerability
20. Coppermine Photo Gallery PHP Code Injection Vulnerability
21. Py-Membres Remote SQL Injection Vulnerability
24. Amavis Header Parsing Mail Relaying Weakness

Apr 14th 2003
20 of 33 issues handled (ISS)
Vignette StoryServer TCL Interpreter information
Samba and Samba-TNG call_trans2open() function
Red Hat Linux vsftpd FTP daemon tcp_wrapper could
SETI@home newline character (\n) buffer overflow
InterBase improper permissions could allow an
Jpegx uses weak encryption algorithm
metrics tmpfile symlink attack
ChiTeX chaddpfbname could allow an attacker to
Opera long URL buffer overflow
AMaViS-ng could allow an attacker to perform mail
Invision Power Board functions.php SQL injection
Apache HTTP Server could leak sensitive file
CVSps file name filtering shell command execution
PoPToP ctrlpacket.c code packet buffer overflow
phPay multiple path disclosure
phPay phpinfo.php information disclosure
phPay search.php cross-site scripting
NETGEAR FM114P bypass port blocking feature
KDE PostScript (PS) and PDF shell command execution
Oracle Report Review Agent (RRA) authentication
Apr 14th 2003 (ISS)
Internet Security Systems
Date Reported: 04/07/2003
Brief Description: Vignette StoryServer TCL Interpreter information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, StoryServer 4.1, StoryServer 6.0, Unix Any version, Windows Any version
Vulnerability: storyserver-tcl-information-disclosure
X-Force URL: http://www.iss.net/security_center/static/11725.php

Date Reported: 04/07/2003
Brief Description: Samba and Samba-TNG call_trans2open() function buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Conectiva Linux 6.0, Conectiva Linux 7.0, Conectiva Linux 8.0, Debian Linux 2.2, Debian Linux 3.0, FreeBSD Ports Collection prior to 2001-04-07, HP CIFS/9000 Server A.01.09.02 & earlier, HP-UX 11.00, HP-UX 11.11, HP-UX 11.22, Linux Any version, Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux 8.0, Red Hat Linux 9.0, Samba 2.2.5 through 2.2.8, Samba-TNG prior to 0.3.2, Slackware Linux 8.1, Slackware Linux 9.0, SuSE eMail Server 3.1, SuSE eMail Server III Any version, SuSE Linux 7.1, SuSE Linux 7.2, SuSE Linux 7.3, SuSE Linux 8.0, SuSE Linux 8.1, SuSE Linux 8.2, SuSE Linux Connectivity Server Any version, SuSE Linux Database Server Any version, SuSE Linux Enterprise Server 7, SuSE Linux Enterprise Server 8, SuSE Linux Firewall Any version, SuSE Linux Office Server Any version, Trustix Secure Linux 1.2, Trustix Secure Linux 1.5, Unix Any version
Vulnerability: samba-calltrans2open-bo
X-Force URL: http://www.iss.net/security_center/static/11726.php

Date Reported: 04/01/2003
Brief Description: Red Hat Linux vsftpd FTP daemon tcp_wrapper could allow an attacker to gain access to server
Risk Factor: Medium
Attack Type: Network Based
Platforms: Red Hat Linux 9.0
Vulnerability: vsftpd-tcpwrappers-gain-access
X-Force URL: http://www.iss.net/security_center/static/11729.php

Date Reported: 04/07/2003
Brief Description: SETI@home newline character (\n) buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Gentoo Linux Any version, Mac OS X Any version, Macintosh Any version, SETI@home prior to 3.08, Unix Any version, Windows Any version
Vulnerability: seti@home-newline-bo
X-Force URL: http://www.iss.net/security_center/static/11731.php

Date Reported: 04/05/2003
Brief Description: InterBase improper permissions could allow an attacker to modify files
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Firebird 1.0.2, InterBase 6.01, InterBase 6.5, Linux Any version, Unix Any version, Windows Any version
Vulnerability: interbase-permissions-modify-files
X-Force URL: http://www.iss.net/security_center/static/11732.php

Date Reported: 04/05/2003
Brief Description: Jpegx uses weak encryption algorithm
Risk Factor: Medium
Attack Type: Network Based
Platforms: Jpegx 1.00.6, Linux Any version, Unix Any version, Windows Any version
Vulnerability: jpegx-weak-encryption
X-Force URL: http://www.iss.net/security_center/static/11733.php

Date Reported: 04/07/2003
Brief Description: metrics tmpfile symlink attack
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 2.2
Vulnerability: metrics-tmpfile-symlink
X-Force URL: http://www.iss.net/security_center/static/11734.php

Date Reported: 04/03/2003
Brief Description: ChiTeX chaddpfbname could allow an attacker to modify files
Risk Factor: Medium
Attack Type: Host Based
Platforms: ChiTeX 6.1.2p7.8-1, Linux Any version
Vulnerability: chitex-chaddpfbname-modify-files
X-Force URL: http://www.iss.net/security_center/static/11735.php

Date Reported: 04/07/2003
Brief Description: Opera long URL buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Opera 7.02 build 2668, Unix Any version, Windows Any version
Vulnerability: opera-long-url-bo
X-Force URL: http://www.iss.net/security_center/static/11740.php

Date Reported: 04/07/2003
Brief Description: AMaViS-ng could allow an attacker to perform mail relaying
Risk Factor: Medium
Attack Type: Network Based
Platforms: AMaViS-ng 0.1.6.2, AMaViS-ng 0.1.6.3, Linux Any version, Unix Any version
Vulnerability: amavis-ng-mail-relay
X-Force URL: http://www.iss.net/security_center/static/11741.php

Date Reported: 04/04/2003
Brief Description: Invision Power Board functions.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Invision Power Board 1.1.1, Linux Any version, Unix Any version, Windows Any version
Vulnerability: invision-functions-sql-injection
X-Force URL: http://www.iss.net/security_center/static/11749.php

Date Reported: 04/02/2003
Brief Description: Apache HTTP Server could leak sensitive file descriptors
Risk Factor: Medium
Attack Type: Network Based
Platforms: Apache HTTP Server prior to 2.0.45, Linux Any version, Unix Any version, Windows Any version
Vulnerability: apache-descriptor-leak
X-Force URL: http://www.iss.net/security_center/static/11750.php

Date Reported: 04/05/2003
Brief Description: CVSps file name filtering shell command execution
Risk Factor: High
Attack Type: Network Based
Platforms: CVSps 2.0b6 to 2.0b9, Linux Any version, Unix Any version
Vulnerability: cvsps-shell-command-execution
X-Force URL: http://www.iss.net/security_center/static/11753.php

Date Reported: 04/09/2003
Brief Description: PoPToP ctrlpacket.c code packet buffer overflow
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, PoPToP prior 1.1.3-20030409, PoPToP prior to 1.1.4-b3
Vulnerability: poptop-ctrlpacket-packet-bo
X-Force URL: http://www.iss.net/security_center/static/11756.php

Date Reported: 04/09/2003
Brief Description: phPay multiple path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, phPay 2.02, Unix Any version, Windows Any version
Vulnerability: phpay-multiple-path-disclosures
X-Force URL: http://www.iss.net/security_center/static/11757.php

Date Reported: 04/09/2003
Brief Description: phPay phpinfo.php information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, phPay 2.02, Unix Any version, Windows Any version
Vulnerability: phpay-phpinfo-info-disclosure
X-Force URL: http://www.iss.net/security_center/static/11758.php

Date Reported: 04/09/2003
Brief Description: phPay search.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, phPay 2.02, Unix Any version, Windows Any version
Vulnerability: phpay-search-xss
X-Force URL: http://www.iss.net/security_center/static/11759.php

Date Reported: 04/02/2003
Brief Description: NETGEAR FM114P bypass port blocking feature
Risk Factor: Medium
Attack Type: Network Based
Platforms: NETGEAR FM114P 1.4 Beta Release 21
Vulnerability: netgear-fm114p-port-bypass
X-Force URL: http://www.iss.net/security_center/static/11762.php

Date Reported: 04/09/2003
Brief Description: KDE PostScript (PS) and PDF shell command execution
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Gentoo Linux Any version, KDE 2.0 through 3.1.1, Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Unix Any version
Vulnerability: kde-ps-command-execution
X-Force URL: http://www.iss.net/security_center/static/11767.php

Date Reported: 04/10/2003
Brief Description: Oracle Report Review Agent (RRA) authentication bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Oracle 10.7, Oracle 11.0, Oracle E-Business Suite 11i Releases 1-8
Vulnerability: oracle-rra-authentication-bypass
X-Force URL: http://www.iss.net/security_center/static/11768.php
Apr 14th 2003 (SF)
SecurityFocus
2. Multiple Vendor I/O System Call File Existence Weakness
BugTraq ID: 7279
Remote: No
Date Published: Apr 04 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7279
Summary:
A weakness has been discovered in the implementation of various I/O system calls. The problem occurs due to varying error return times when accessing existent and non-existent files. This issue has been confirmed to affect the open() system call; however, it is likely that other similar calls are also affected.

An attacker could exploit this vulnerability by calling the open() system call on unreadable files. By making requests for various unreadable files, it may be possible for an attacker to deduce a timing window that can be used to verify the existence of the file.

It should be noted that a fix for this weakness might not be plausible, as the kernel is meant to be as efficient as possible. However, the specific problem may occur due to a differing sequence of events while attempting to access non-existent files. A solution may be to have an identical sequence of permission checking on directories, before checking for the file.

It has been reported that this weakness has successfully been exploited on various Linux and BSD releases. However, this weakness likely exists in other operating systems including Sun Solaris and Microsoft Windows.

3. Buffalo WBRG54 Wireless Broadband Router Denial Of Service Vulnerability
BugTraq ID: 7282
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7282
Summary:
Buffalo Wireless Broadband Router WBRG54 is a network device for wireless networks.

A vulnerability has been reported for the WBRG54 device that may result in a denial of service. It should be noted that the device must be set to 'peer-to-peer' connection mode if exploitation is to be possible. This mode allows for two devices to specifically communicate with each other.

The vulnerability occurs when a vulnerable device receives numerous ICMP packets. An attacker can exploit this vulnerability by sending ICMP (type 8) packets to a vulnerable device. In some cases, this will result in the device behaving unpredictably and denying service. This vulnerability may also result in the device rebooting spontaneously.

The problem was reported for the WBRG54 with firmware revisions 1.11 and 1.13. Other versions may also be affected.

7. PHPSysInfo Index.PHP LNG File Disclosure Vulnerability
BugTraq ID: 7286
Remote: No
Date Published: Apr 04 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7286
Summary:
PHPSysInfo is a PHP script that parses the '/proc' filesystem and displays system information in a web browser.

PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may possibly influence the path for PHPSysInfo language include files. An arbitrary file may be included outside of the web root. Using directory traversal sequences (../) the file may be included as a language resource for the 'index.php' page.

If the malicious include file is symlinked to an arbitrary web server readable file, such as '/etc/passwd', the contents of the linked file may be disclosed to the attacker. The file may also contain PHP code which may be executed in the context of the webserver.

This attack may lead to confidential or sensitive information disclosure, which could be used to launch other attacks. It may also be exploited to execute arbitrary attacker supplied PHP code.

8. Abyss Web Server Incomplete HTTP Request Denial Of Service Vulnerability
BugTraq ID: 7287
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7287
Summary:
Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux.

A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. Specifically, if the 'Connection:' and 'Range:' HTTP headers are blank, the web server will crash.

An attacker can exploit this vulnerability by connecting to a vulnerable server and sending blank 'Connection:' and 'Range:' HTTP headers. This will result in a denial of service condition.

This vulnerability was reported for Abyss Web Server 1.1.2.

9. CVSps Unfiltered Escape Sequence Vulnerability
BugTraq ID: 7288
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7288
Summary:
CVSps is a program to generate a diff/patch set for CVS repositories. It is available for Linux and Unix variant operating systems.

A vulnerability has been reported for CVSps where some characters were improperly filtered prior to sending them to the command shell. Specifically, escape sequences are not properly filtered from filenames when generating a diff/patch set.

This issue can be exploited by a malicious CVS contributor who names a file with malicious escape and shell metacharacters. When CVSps is used to process the malicious file, it may be possible to execute commands on the underlying shell of the host.

This vulnerability was reported for CVSps 2.0b9 and earlier.

11. Invision Board functions.php SQL Injection Vulnerability
BugTraq ID: 7290
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7290
Summary:
Invision Board is web forum software. It is implemented in PHP and is available for Unix and Linux variants and Microsoft Windows operating systems.

An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the load_skin() function of the functions.php script file. Specifically, the value supplied for the 'skinid' variable is not properly cast as an integer type.

An attacker may be able to exploit this vulnerability by manipulating the 'skinid' URI parameter to include malicious SQL commands and queries, which may result in information disclosure or database corruption. The consequences depend on the nature of specific queries. This issue may allow the attacker to exploit latent vulnerabilities in the underlying database.

This vulnerability was reported for Invision Board 1.1.1.

12. Interbase External Table File Verification Vulnerability
BugTraq ID: 7291
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7291
Summary:
Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems.

A vulnerability has been reported for Interbase that may result in the corruption of arbitrary system files. The vulnerability exists due to insufficient checks performed when creating or manipulating external databases. Specifically, file existence checks are not made.

An attacker can exploit this vulnerability by creating an external table pointing to an arbitrary system file. When the attacker attempts to modify the external table, the system file will be corrupted with attacker-supplied information. This may result in system instability.

This vulnerability is further exacerbated by the fact that the Interbase service typically runs with root or SYSTEM level privileges.

Firebird is based on Borland/Inprise Interbase source code and is therefore also prone to this issue.

13. SETI@home Client Program Remote Buffer Overflow Vulnerability
BugTraq ID: 7292
Remote: Yes
Date Published: Apr 06 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7292
Summary:
SETI@home is a client program designed to run on a computer when it is not in use. The client receives data from a central server, which it later analyzes in search of various information. It is available for a variety of platforms including Linux, Unix, and the Microsoft Windows operating system.

A vulnerability has been discovered in the SETI@home client program. Due to insufficient bounds checking when processing server data, it may be possible for a remote attacker to trigger a buffer overflow.

This issue could be exploited by forging an HTTP request which mimics a server response handler. When a vulnerable client attempts to process the malicious server response, a buffer overflow will be triggered.

Successful exploitation of this issue may allow an attacker to execute arbitrary commands on a target system, with the privileges of the user invoking the software.

This vulnerability affects SETI@home clients prior to 3.08.

14. SETI@home Client Program Information Disclosure Vulnerability
BugTraq ID: 7281
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7281
Summary:
SETI@home is a client program designed to run on a computer when it is not in use. The client receives data from a central server, which it later analyzes in search of various information. It is available for a variety of platforms including Linux, Unix, and the Microsoft Windows operating system.

A vulnerability has been reported in the SETI@home client program. Specifically, sensitive information is transmitted from the client to the server in plain text. As a result, sensitive operating system and processor information may be disclosed to an attacker.

An attacker could exploit this system by sniffing network traffic transmitted between the client and the server. Access to this type of information may aid in launching attacks against the system running the client.

This vulnerability was reported for SETI@home version 3.03.

15. Metrics Insecure Local File Creation Vulnerability
BugTraq ID: 7293
Remote: No
Date Published: Apr 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7293
Summary:
Metrics is an application designed to measure various software metrics. It is available for the Linux operating system and is included with the Debian 2.2 distribution.

A vulnerability has been discovered in Metrics which could allow an attacker to corrupt sensitive system files. The problem occurs in the 'halstead' and 'gather_stats' scripts, included in the Metrics package.

The vulnerability exists due to the two scripts failing to carry out sufficient security precautions when attempting to create temporary files. As a result, it may be possible for a malicious local user to corrupt sensitive system files.

This vulnerability was discovered in Metrics version 1.0; however, earlier versions may also be affected.

16. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability
BugTraq ID: 7294
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7294
Summary:
Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. The Samba daemon is typically run with super user privileges.

A buffer overflow vulnerability has been reported for Samba that could allow an anonymous remote attacker to execute arbitrary code.

The vulnerability occurs in the 'call_trans2open()' function when copying data into a 1024 byte static buffer. Sufficient bounds checking is not performed when a call to the 'Strncpy()' function is invoked. The length argument supplied to 'Strncpy()' is exactly the length of the user-supplied data. As a result, an attacker could exploit this vulnerability by sending data in excess of 1024 bytes.

Successful exploitation of this vulnerability could allow an anonymous attacker to overwrite sensitive stack variables, including the 'open_trans2open()' function's saved return address. The ability to influence sensitive memory could be leveraged by the attacker to execute arbitrary code with the privileges of the Samba server process.

17. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities
BugTraq ID: 7295
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7295
Summary:
Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. The Samba daemon is typically run with super user privileges.

Multiple remote buffer overflow vulnerabilities have been reported for Samba and Samba-TNG. The overflows are reported to occur in both stack and heap-based memory. This issue occurs due to insufficient bounds checking when copying user-supplied data to internal buffers.

Although it has not been confirmed, it is likely that these issues can be exploited to execute arbitrary code, with the privileges of Samba (which typically runs as root).

These issues are reported to affect Samba 2.2.8 and Samba-TNG 0.3.1.

The precise technical details regarding these vulnerabilities are currently unknown. This BID will be updated as further information is made available.

It should be noted that these vulnerabilities may be similar to the issue described in BID 7294.

18. Vignette StoryServer Sensitive Stack Memory Information Disclosure Vulnerability
BugTraq ID: 7296
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7296
Summary:
Vignette StoryServer is a dynamic content management system. It allows the use of TCL code to perform a wide range of functions, for example database interaction and cookie creation.

It has been reported that Vignette StoryServer, under certain circumstances, may reveal the contents of stack memory. Specifically, a specially crafted HTTPS request containing '<' and '"' characters passed as URI parameters to any page that accepts user-supplied data will trigger an error state. An error message containing the current contents of stack memory will be returned to the attacker's browser.

It should be noted that this vulnerability might be exploited in a continuous manner without an impact on the Vignette StoryServer service state. The attacker may use this condition to provide reconnaissance over a period of time until sufficient information has been gathered to aid in further activity against the vulnerable host.

19. JPEGX Wizard Password Bypass Vulnerability
BugTraq ID: 7298
Remote: No
Date Published: Apr 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7298
Summary:
JPEGX is steganography software for Microsoft Windows; it is designed to embed encrypted data into JPEG files.

JpegX has been reported prone to a password bypass vulnerability.

It has been reported that if no password credentials are supplied when using the JpegX wizard to decrypt data contained in JpegX JPEG files, JpegX will decipher the file regardless.

This vulnerability may lead to sensitive information disclosure.

20. Coppermine Photo Gallery PHP Code Injection Vulnerability
BugTraq ID: 7300
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7300
Summary:
Coppermine Photo Gallery is a web based picture gallery script that allows users to upload pictures with a web browser, add comments, send e-cards and view statistics about the pictures.

Coppermine Photo Gallery has been reported prone to PHP code injection attacks.

Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker may upload a malicious JPEG. The attacker may craft the file in such a way that PHP code execution will occur when the image is viewed.

Specifically, the attacker may embed PHP code as a signature to a valid JPEG image and name it 'Filename.jpg.php'. The attacker may then upload the file to a vulnerable server. If the image is still considered a valid JPEG file by the Coppermine photo gallery, when the JPEG image is viewed the code contained within the JPEG file will be executed in the context of the web server hosting the vulnerable application. The attacker may use 'shell_exec()' or similar functions as a conduit to execute arbitrary shell commands remotely.

This attack may result in arbitrary PHP code execution in the security context of the web server that is hosting the vulnerable application.

21. Py-Membres Remote SQL Injection Vulnerability
BugTraq ID: 7301
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7301
Summary:
A vulnerability has been reported for Py-Membres 4.0 that allows remote attackers to modify the logic of SQL queries.

It has been reported that an input validation error exists in the login.php file included with Py-Membres. Because of this issue, remote attackers may launch SQL injection attacks through the software. This problem requires that the PHP configuration directive 'magic_quotes_gpc' be disabled, although it may also be present with limited impact when the directive is enabled.

Exploitation of this issue will allow an attacker to inject SQL syntax into database queries via the 'login' variable for the login.php script. This may allow for a variety of attacks.

24. Amavis Header Parsing Mail Relaying Weakness
BugTraq ID: 7306
Remote: Yes
Date Published: Apr 08 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7306
Summary:
Amavis is a freely available, open source virus scanning software package. It is available for the UNIX and Linux operating systems.

A problem with the software may make it possible to perform unauthorized actions in vulnerable configurations.

It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions.

The problem is in the handling of headers. Due to improper e-mail header processing, Amavis may send e-mails to addresses specified in a To: field in the message body rather than the RCPT TO: field specified via SMTP. This could make it possible to relay e-mails through some configurations.
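
Item 16 above (Samba 'call_trans2open') describes a copy into a 1024 byte buffer whose length argument is the length of the user-supplied data. The C sketch below is an added example, not Samba's code and not part of the original digest: it puts that pattern beside a copy bounded by the destination size, and every function name and input in it is hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FNAME_BUF 1024 /* fixed destination size named in the advisory */

/* Pattern the advisory describes: the copy length comes from the
 * caller-supplied data and the destination size is never consulted.
 * Correct only while src_len < FNAME_BUF; nothing here enforces that. */
static void copy_len_from_source(char dst[FNAME_BUF], const char *src,
                                 size_t src_len)
{
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
}

/* Hardened form: the bound is the destination size. Input that does not
 * fit together with its terminator is rejected, not truncated, so the
 * caller can fail the request. Returns 0 on success, -1 on rejection. */
static int copy_len_from_dest(char *dst, size_t dst_size, const char *src,
                              size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (src_len >= dst_size) /* no room for the data plus the NUL */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Runs the bounded copy over constructed field lengths that sit on both
 * sides of the buffer size and returns how many were rejected. */
static int count_rejected(void)
{
    static const size_t lengths[] = { 10, 1023, 1024, 2000 };
    static char field[2000]; /* constructed sample data */
    char dst[FNAME_BUF];
    int rejected = 0;
    size_t i;

    memset(field, 'A', sizeof field);

    /* The unchecked pattern is exercised only with input that fits. */
    copy_len_from_source(dst, field, lengths[0]);

    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        int rc = copy_len_from_dest(dst, sizeof dst, field, lengths[i]);
        printf("len=%4zu -> %s\n", lengths[i],
               rc == 0 ? "copied" : "rejected");
        if (rc != 0)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    printf("rejected %d of 4 constructed inputs\n", count_rejected());
    return 0;
}
```

The 1023/1024 pair marks the boundary: a field of exactly the buffer size is already too long once the terminator is counted.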