The following was in today's SANS Security Alert Consensus newsletter:

*** {03.41.011} Cross - procmail rnmbogus() local format string vuln
A posted advisory indicates that a potential format string vulnerability
in the rnmbogus() function of procmail would allow a local attacker to
execute arbitrary code with elevated privileges if procmail is
setuid/setgid.
This vulnerability is not confirmed.
Source: SecurityFocus Vuln-Dev
http://archives.neohapsis.com/archives/vuln-dev/2003-q4/0022.html

Procmail may be installed setuid where it is used as the LDA.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail