Posted: Tue Nov 21, 2006 3:26 pm Post subject: [ GLSA 200611-15 ] qmailAdmin: Buffer overflow
Gentoo Linux Security Advisory
Title: qmailAdmin: Buffer overflow (GLSA 200611-15)
Severity: high
Exploitable: remote
Date: November 21, 2006
Bug(s): #153896
ID: 200611-15
Synopsis
qmailAdmin is vulnerable to a buffer overflow that could lead to the remote execution of arbitrary code.
Background
qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains.
Affected Packages
Package: net-mail/qmailadmin
Vulnerable: < 1.2.10
Unaffected: >= 1.2.10
Architectures: All supported architectures
Description
qmailAdmin fails to properly handle the "PATH_INFO" variable in qmailadmin.c. PATH_INFO is a standard CGI environment variable filled with user-supplied data.
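The bug class described here is a CGI program copying the attacker-controlled PATH_INFO into a fixed-size buffer without a length check. The following is an added example of the defensive pattern, written for this post and not taken from qmailadmin.c; the buffer size, the function names and the character whitelist are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size buffer for the path component, as a CGI program
 * might use; the size is an assumption for this illustration. */
#define PATH_BUF_LEN 64

/* Bounded copy of PATH_INFO: rejects NULL, over-long input, and characters
 * outside a conservative whitelist (the whitelist is an added assumption,
 * not something the advisory specifies). Returns 0 on success, -1 if rejected. */
int copy_path_info_checked(char *dst, size_t dst_len, const char *path_info)
{
    size_t n = 0;
    if (path_info == NULL || dst_len == 0)
        return -1;
    /* Scan at most dst_len bytes so an unterminated or huge value cannot
     * drive the length past the buffer. */
    while (n < dst_len && path_info[n] != '\0') {
        unsigned char c = (unsigned char)path_info[n];
        if (!(isalnum(c) || strchr("/._-@", c)))
            return -1;
        n++;
    }
    if (n >= dst_len)          /* no room left for the terminating NUL */
        return -1;
    memcpy(dst, path_info, n + 1);
    return 0;
}

/* Reads PATH_INFO from the CGI environment and validates it before use. */
int read_path_info(char *dst, size_t dst_len)
{
    return copy_path_info_checked(dst, dst_len, getenv("PATH_INFO"));
}

int main(void)
{
    char buf[PATH_BUF_LEN];
    /* Constructed inputs: one ordinary virtual-domain path, one over-long value. */
    const char *ok = "/example.org/user";
    char bad[PATH_BUF_LEN + 32];
    memset(bad, 'A', sizeof bad - 1);
    bad[sizeof bad - 1] = '\0';
    printf("ordinary path accepted: %d\n", copy_path_info_checked(buf, sizeof buf, ok));
    printf("over-long path rejected: %d\n", copy_path_info_checked(buf, sizeof buf, bad));
    return 0;
}
```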
Impact
A remote attacker could exploit this vulnerability by sending qmailAdmin a maliciously crafted URL that could lead to the execution of arbitrary code with the permissions of the user running qmailAdmin.
Workaround
There is no known workaround at this time.
Resolution
All qmailAdmin users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/qmailadmin-1.2.10"
References
CVE-2006-1141
Last edited by GLSA on Thu Dec 04, 2008 4:18 am; edited 4 times in total