procmail

rnmbogus() local format string vuln?

2003-10-16 18:14:50
The following was in today's SANS Security Alert Consensus newsletter:

  *** {03.41.011} Cross - procmail rnmbogus() local format string vuln

  A posted advisory indicates that a potential format string vulnerability
  in the rnmbogus() function of procmail would allow a local attacker to
  execute arbitrary code with elevated privileges if procmail is
  setuid/setgid.

  This vulnerability is not confirmed.

  Source: SecurityFocus Vuln-Dev
  http://archives.neohapsis.com/archives/vuln-dev/2003-q4/0022.html

Procmail may be installed setuid where it is used as the LDA.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail