On Fri, 25-03-2005 at 21:54 +0100, Moritz Muehlenhoff wrote:
> Package: smail
> Severity: grave
> Tags: security patch
> Justification: user security hole
> 
> [Dear security-team, this should affect Woody as well]
> 
> Sean <[EMAIL PROTECTED]> has discovered two vulnerabilities in smail,
> that can be exploited to obtain root privileges:
> 
> 1. A heap overflow in RFC 821 header parsing permits remote attackers that
> are able to connect to an SMTP server remote code execution with root
> privileges.
> 2. Insecure signal handling may be exploitable to obtain extended privileges
> for local users as well.
> 
> For full details see
> http://www.securityfocus.com/archive/1/394286/2005-03-22/2005-03-28/0
> 
> It contains a fix for the heap overflow, which I attach to this report.

Thanks for reporting the bug.
I'll upload a new version which contains your patch as soon as possible.
I put the security team on CC because the version in stable seems to be
affected too.

Kind regards,

Héctor
