Arbitrary Code Execution when using -x

spamass-milt-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Arbitrary Code Execution when using -x

From:	Don Armstrong
Subject:	Arbitrary Code Execution when using -x
Date:	Tue, 9 Mar 2010 14:17:26 -0800
User-agent:	Mutt/1.5.20 (2009-06-14)

popen shouldn't be used with user data; there is arbitrary remote code
execution when using -x.

You can temporarily disable -x; see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228 for more
details.


Don Armstrong

-- 
[On a trip back from collecting grass seeds in tropical bird stomachs
and being thought by the customs agents to be transporting Marijuana.]
"Anyone so square as to tell you they are transporting grass seeds is
bound to be ok"
 -- Peter K. Klopfer _Seeds of Doubt_ Science 134:177 10 April 2009

http://www.donarmstrong.com              http://rzlab.ucr.edu

[Prev in Thread]

Current Thread

[Next in Thread]

Arbitrary Code Execution when using -x, Don Armstrong <=
- Re: Arbitrary Code Execution when using -x, Dan Nelson, 2010/03/10
  - Re: Arbitrary Code Execution when using -x, Don Armstrong, 2010/03/10

Next by Date: Re: Arbitrary Code Execution when using -x
Next by thread: Re: Arbitrary Code Execution when using -x
Index(es):
- Date
- Thread