https://bugs.contribs.org/show_bug.cgi?id=10376

            Bug ID: 10376
           Summary: Security issue
    Classification: Contribs
           Product: SME Contribs
           Version: 9.2
          Hardware: ---
                OS: ---
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: smeserver-rkhunter
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
  Target Milestone: ---

see:
http://www.openwall.com/lists/oss-security/2017/06/29/2

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7480

https://bugzilla.redhat.com/show_bug.cgi?id=1466361


https://forums.contribs.org/index.php/topic,53198.msg275600.html#msg275600


http://seclists.org/oss-sec/2017/q2/643

rkhunter downloads various files such as mirrors.dat by default over HTTP using
no signature and just a version verification. An attacker can inject a file
with MITM which is then run in bash. This could lead to remote code execution.

Waiting for a fix, update should be disabled.

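One way to check that the workaround named in the report ("update should be disabled") is actually in effect on a host, as an added example that is not part of the bug report or of the smeserver-rkhunter contrib. It assumes that the rkhunter.conf options UPDATE_MIRRORS, MIRRORS_MODE and WEB_CMD are what control the download and that the last assignment in the file wins; the config contents used in the demo are constructed.

```shell
#!/bin/sh
# Added example: audit an rkhunter.conf for settings that still allow
# files such as mirrors.dat to be fetched over the network.
# Assumption: UPDATE_MIRRORS, MIRRORS_MODE and WEB_CMD govern that download.

# Print the last value assigned to an option, without surrounding quotes.
# $1 = config file, $2 = option name
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Return 0 when network updates are disabled, 1 otherwise.
# An option that is absent counts as not hardened.
audit_rkhunter_conf() {
    conf=$1
    rc=0
    [ "$(conf_value "$conf" UPDATE_MIRRORS)" = "0" ] ||
        { echo "UPDATE_MIRRORS is not 0: mirrors file may be refreshed"; rc=1; }
    [ "$(conf_value "$conf" MIRRORS_MODE)" = "1" ] ||
        { echo "MIRRORS_MODE is not 1: remote mirrors are allowed"; rc=1; }
    case "$(conf_value "$conf" WEB_CMD)" in
        /bin/false|/usr/bin/false) ;;
        *) echo "WEB_CMD is not a no-op: a download tool can still run"; rc=1 ;;
    esac
    return $rc
}

# Demo on a constructed config that leaves updates enabled.
demo() {
    tmp=$(mktemp) || return 1
    printf 'UPDATE_MIRRORS=1\nMIRRORS_MODE=0\nWEB_CMD=""\n' > "$tmp"
    if audit_rkhunter_conf "$tmp"; then
        echo "network updates disabled"
    else
        echo "network updates still possible"
    fi
    rm -f "$tmp"
}
demo
```

Point `audit_rkhunter_conf` at the host's real rkhunter.conf; any local override files the installation reads need the same check.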