Summary
MailScanner is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker execute arbitrary code in the context of the application and can compromise a vulnerable system.
Solution
Upgrade to MailScanner version 4.74.7-2 or later: http://www.mailscanner.info/downloads.html
Insight
The flaws are due to:
- Several autoupdate scripts for f-prot-autoupdate, clamav-autoupdate, panda-autoupdate, trend-autoupdate, bitdefender-wrapper, kaspersky-wrapper etc. use temporary files in an insecure manner.
- The SpamAssassin and TNEF handlers use temporary files in an insecure manner.
These can be exploited by local users to overwrite arbitrary files via symlink attacks.
Affected
MailScanner versions prior to 4.74.7-2 on Linux.
Severity
Classification
CVE: CVE-2008-5312, CVE-2008-5313
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C