Local exploit in courier-mta package

To: submit@bugs.debian.org
Cc: debian-security@lists.debian.org
Subject: Local exploit in courier-mta package
From: racke@linuxia.de (Stefan Hornburg Racke)
Date: 21 Jan 2002 18:29:40 -0500
Message-id: <[🔎] 87u1tf1dwb.fsf@snowflake.linuxia.de>

Package: courier-mta
Version: 0.36.1-2
Severity: critical

A hand-crafted .courier file can be used to insert \r characters in the
message queue file.  A bug in the function that reads message queue files
subsequently results in memory corruption.

This exploit is fixed in 0.37.2 upstream, I'll upload an upgraded
version ASAP.

Ciao
        Racke


-- 
For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)

Reply to:

Prev by Date: Re: su - user question
Next by Date: Re: [d-security] Re: root's home world readable
Previous by thread: mysql admin user (was: root's home world readable)
Next by thread: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Index(es):
- Date
- Thread