Advisories

Mandriva Advisories

Package name	perl-MailTools
Date	November 7th, 2002
Advisory ID	MDKSA-2002:076
Affected versions	7.2, 8.0, 8.1, 8.2, 9.0
Synopsis	Updated perl-MailTools packages fix arbitrary code execution vulnerability

Problem Description

A vulnerability was discovered in Mail::Mailer perl module by the SuSE
security team during an audit. The vulnerability allows remote
attackers to execute arbitrary commands in certain circumstances due
to the usage of mailx as the default mailer, a program that allows
commands to be embedded in the mail body.

This module is used by some auto-response programs and spam filters
which make use of Mail::Mailer.

Updated Packages

Mandrakelinux 7.2

 6bdea6465f1d92aac284b1ba523e1727  7.2/RPMS/perl-MailTools-1.47-1.1mdk.noarch.rpm
8a2f9e0d6da7ab31077374629cceb20f  7.2/SRPMS/perl-MailTools-1.47-1.1mdk.src.rpm

Mandrakelinux 8.0

 6fda1fab459626c3c37226a18f722a7a  8.0/RPMS/perl-MailTools-1.47-1.1mdk.noarch.rpm
8a2f9e0d6da7ab31077374629cceb20f  8.0/SRPMS/perl-MailTools-1.47-1.1mdk.src.rpm

Mandrakelinux 8.0/PPC

 a808f7a6c9301a06cf632d51c27a04c5  ppc/8.0/RPMS/perl-MailTools-1.47-1.1mdk.noarch.rpm
8a2f9e0d6da7ab31077374629cceb20f  ppc/8.0/SRPMS/perl-MailTools-1.47-1.1mdk.src.rpm

Mandrakelinux 8.1

 3311eb83dfad00597c91d5a325b66c72  8.1/RPMS/perl-MailTools-1.47-1.1mdk.noarch.rpm
8a2f9e0d6da7ab31077374629cceb20f  8.1/SRPMS/perl-MailTools-1.47-1.1mdk.src.rpm

Mandrakelinux 8.1/IA64

 77a07cf93bb5ab1c767f43cbe55edb7f  ia64/8.1/RPMS/perl-MailTools-1.47-1.1mdk.noarch.rpm
8a2f9e0d6da7ab31077374629cceb20f  ia64/8.1/SRPMS/perl-MailTools-1.47-1.1mdk.src.rpm

Mandrakelinux 8.2

 4f9a39b0a7c2102395618e674dd1fd93  8.2/RPMS/perl-MailTools-1.47-1.1mdk.noarch.rpm
8a2f9e0d6da7ab31077374629cceb20f  8.2/SRPMS/perl-MailTools-1.47-1.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 3161be8fdc7c9bc176f8eafb6f2f2388  ppc/8.2/RPMS/perl-MailTools-1.47-1.1mdk.noarch.rpm
8a2f9e0d6da7ab31077374629cceb20f  ppc/8.2/SRPMS/perl-MailTools-1.47-1.1mdk.src.rpm

Mandrakelinux 9.0

 4fbfa7cc821ce3e785fb2449eb58afb8  9.0/RPMS/perl-MailTools-1.47-1.1mdk.noarch.rpm
8a2f9e0d6da7ab31077374629cceb20f  9.0/SRPMS/perl-MailTools-1.47-1.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1271

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer