|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] QmailAdmin Execution of Arbitrary Commands
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Jul 25 2003 - 07:19:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
QmailAdmin Execution of Arbitrary Commands
READ ONLINE:
http://www.secunia.com/advisories/9360/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
QmailAdmin 1.x
DESCRIPTION:
A vulnerability has been identified in QmailAdmin allowing malicious
users to execute arbitrary system commands.
The problem is that users are able to create a "Forward" rule which
can send emails to any command on the system. These commands will be
executed as the "vpopmail" user.
QmailAdmin versions 1.0.13 through 1.0.24 are vulnerable.
SOLUTION:
QmailAdmin development version 1.0.25 is not vulnerable.
QmailAdmin stable version 1.0.6 is not vulnerable.
QmailAdmin is available from:
http://sourceforge.net/project/showfiles.php?group_id=6691&release_id=173699
Do not use development releases on production systems.
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]