Mailwatch vulnerability

Discussion in 'Server Operation' started by topdog, Feb 3, 2009.

  1. topdog

    topdog Active Member HowtoForge Supporter

    Just to give you a heads up, users of mailwatch for mailscanner, there is a nasty bug which allows an attacker to read files and directories on your web server.

    Details can be found here

    http://www.securityfocus.com/bid/31378
    http://www.milw0rm.com/exploits/6552
    http://web.nvd.nist.gov/view/vuln/detail;jsessionid=b76f5c316e0474385660a4b8c801?execution=e1s1

    This is actually a worthless option in mailwatch so i would advise you to either remove the file.

    Am not on their mailing list so i do not know what fix the author recommends.
     

Share This Page