-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

http://secunia.com/advisories/16173/

Secunia Research has discovered a vulnerability in MDaemon, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error in MDaemon's
content filter. This can be exploited to write files to arbitrary directories
via e.g. a specially crafted email containing a virus-infected attachment with
directory traversal sequences in its filename (e.g. "../../../../../file.exe").

Successful exploitation causes the file to be quarantined to an arbitrary
directory (e.g. the startup folder), but requires that the attachment
quarantine feature is enabled.

The vulnerability has been confirmed in version 8.0.4. Prior versions may also
be affected.

Solution:
Update to version 8.1.0.

Provided and/or discovered by:
Tan Chew Keong, Secunia Research.
- ----------

MDaemon 6.x/7.x/8.0.x users whose license has already expired can download
the upgrade patch from here:

ftp://ftp.dutaint.co.id/altn-mdaemon/archive/md805_en.exe
ftp://ftp.dutaint.co.id/altn-mdaemon/archive/md725_en.exe
ftp://ftp.dutaint.co.id/altn-mdaemon/archive/md687_en.exe

BTW, it's rather funny that the patch was made (22/7/05) before the security
advisory was issued (27/7/05) :-)

- -- 
syafril
- -------
Syafril Hermansyah

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC529tJDdq0WWNVhYRAuDAAKCADSx6TFFIeNTFlLM6KMdx0cb4egCfdT/5
WU/z2TnfBm14aWcliKq8/fw=
=uy5H
-----END PGP SIGNATURE-----
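
The following is an added example, not part of the original message and not MDaemon's code: one way a quarantine routine can neutralise the kind of attachment filename the advisory describes before writing the file. The function names, the fallback name and the quarantine directory are assumptions made for illustration.

```python
import os
import re


def quarantine_name(raw_name: str) -> str:
    """Reduce an untrusted attachment filename to one safe path component."""
    # Split on both separators, whatever OS this runs on, and keep the leaf.
    leaf = re.split(r"[\\/]", raw_name)[-1]
    # Replace control characters and characters reserved on Windows;
    # replacing ':' also removes drive letters and alternate data streams.
    leaf = re.sub(r'[\x00-\x1f<>:"|?*]', "_", leaf)
    # Leading/trailing dots and spaces would leave "." or ".." behind.
    leaf = leaf.strip(" .")
    return leaf or "unnamed.bin"  # fallback name is an assumption


def quarantine_path(quarantine_dir: str, raw_name: str) -> str:
    """Return the path to write to, guaranteed to stay inside quarantine_dir."""
    root = os.path.realpath(quarantine_dir)
    candidate = os.path.realpath(os.path.join(root, quarantine_name(raw_name)))
    # Second line of defence: also catches a symlink already sitting in the
    # quarantine directory that points somewhere else.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"refusing to write outside quarantine: {raw_name!r}")
    return candidate


if __name__ == "__main__":
    # Constructed sample filenames, including the one quoted in the advisory.
    samples = [
        "../../../../../file.exe",
        "..\\..\\Startup\\file.exe",
        "C:file.exe",
        "..",
    ]
    for name in samples:
        print(f"{name!r:32} -> {quarantine_path('quarantine', name)}")
```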

