Pak Syafril. Bagaimana dengan yang menggunakan mdaemon versi 7.2.3 ? apakah menggunakan patch seperti dibawah ini atau bagaimana?
thanks -----Original Message----- From: Syafril Hermansyah <[EMAIL PROTECTED]> To: <[email protected]> Date: Wed, 27 Jul 2005 18:26:37 +0700 Subject: [mdaemon-l] Perhatian utk para postmaster : MDaemon Content Filter Directory Traversal Vulnerability > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hallo, > > http://secunia.com/advisories/16173/ > > Secunia Research has discovered a vulnerability in MDaemon, which can > be > exploited by malicious people to compromise a vulnerable system. > > The vulnerability is caused due to an input validation error in > MDaemon's > content filter. This can be exploited to write files to arbitrary > directories > via e.g. a specially crafted email containing a virus-infected > attachment with > directory traversal sequences in its filename (e.g. > "../../../../../file.exe"). > > Successful exploitation causes the file to be quarantined to an > arbitrary > directory (e.g. the startup folder), but requires the attachment > quarantine > feature is enabled. > > The vulnerability has been confirmed in version 8.0.4. Prior versions > may also > be affected. > > Solution: > Update to version 8.1.0. > > Provided and/or discovered by: > Tan Chew Keong, Secunia Research. > - ---------- > > Untuk MDaemon 6.x/7.x/8/0.x user yg licensenya sdh expired, bisa > download > upgrade patch dari sini : > > ftp://ftp.dutaint.co.id/altn-mdaemon/archive/md805_en.exe > ftp://ftp.dutaint.co.id/altn-mdaemon/archive/md725_en.exe > ftp://ftp.dutaint.co.id/altn-mdaemon/archive/md687_en.exe > > BTW. Lucu juga ya, patch dibuat (22/7/05) sebelum security advisory > dikeluarkan (27/7/05) :-) > > - -- > syafril > - ------- > Syafril Hermansyah > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > > iD8DBQFC529tJDdq0WWNVhYRAuDAAKCADSx6TFFIeNTFlLM6KMdx0cb4egCfdT/5 > WU/z2TnfBm14aWcliKq8/fw= > =uy5H > -----END PGP SIGNATURE----- > > > -- > --[MDaemon-L]------------------------------------------------ > Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. > Mohon tidak posting dalam format HTML! > > Arsip : <http://mdaemon-l.dutaint.com> > Henti Langgan : <mailto:[EMAIL PROTECTED]> > Berlangganan : <mailto:[EMAIL PROTECTED]> > Versi Terakhir : MD 8.1.0, LD 2.1.0, WA 3.1.4, MDAV 2.2.9, MDOC 2.0.2 > -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dalam format HTML! Arsip : <http://mdaemon-l.dutaint.com> Henti Langgan : <mailto:[EMAIL PROTECTED]> Berlangganan : <mailto:[EMAIL PROTECTED]> Versi Terakhir : MD 8.1.1, LD 2.1.0, WA 3.1.4, MDAV 2.2.9, MDOC 2.0.2
