#1  
Old 3rd February 2009, 10:30
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
 
Default Mailwatch vulnerability

Just to give you a heads up, users of mailwatch for mailscanner, there is a nasty bug which allows an attacker to read files and directories on your web server.

Details can be found here

http://www.securityfocus.com/bid/31378
http://www.milw0rm.com/exploits/6552
http://web.nvd.nist.gov/view/vuln/de...execution=e1s1

This is actually a worthless option in mailwatch so i would advise you to either remove the file.

Am not on their mailing list so i do not know what fix the author recommends.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
Sponsored Links
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Spamsnake - Mailwatch problem ravx HOWTO-Related Questions 4 2nd December 2008 14:27
Dns vulnerability Fortuyol General 3 11th July 2008 07:35
Releasing non RFC822 messages and attachments through MailWatch Goose Server Operation 8 1st June 2008 21:01
Virtual Users And Domains With Postfix, MailScanner, Mailwatch & MySQL On CentOS 5.1 dellock HOWTO-Related Questions 1 28th March 2008 14:45
ClamAV libclamav MEW PE File Integer Overflow Vulnerability till General 14 22nd December 2007 13:10


All times are GMT +2. The time now is 06:33.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.