Re: mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739

To: henri@nerv.fi
Cc: debian-security-tracker@lists.debian.org
Subject: Re: mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 25 Feb 2011 10:53:06 +0100
Message-id: <[🔎] 20110225095306.GA26290@inutil.org>
In-reply-to: <[🔎] 20110225035442.GA8155@nashi.nerv.fi>
References: <[🔎] 20110225035442.GA8155@nashi.nerv.fi>

On Fri, Feb 25, 2011 at 05:54:42AM +0200, henri@nerv.fi wrote:
> I think a CVE ID for mailscanner issue "lock/pid file location symlink attack" is CVE-2008-5313.
> 
> References:
> 1: http://security-tracker.debian.org/tracker/TEMP-0000000-477739
> 2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5313
> 3: http://security-tracker.debian.org/tracker/CVE-2010-3095
> 4: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596403

I'm not sure, there's three years time gap between and the description
only mentions other temporary files than the PID file?

Cheers,
        Moritz

Reply to:

References:
- mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
  - From: henri@nerv.fi

Prev by Date: Re: clamav htmlnorm DoS / TEMP-0000000-20B67B
Next by Date: DSA-2173-1 vs. tracker
Previous by thread: mailscanner: lock/pid file location symlink attack / TEMP-0000000-477739
Next by thread: DSA-2173-1 vs. tracker
Index(es):
- Date
- Thread