Article 53Q3N A remote code execution vulnerability in qmail

A remote code execution vulnerability in qmail

by
corbet
from LWN.net on (#53Q3N)
Just in case anybody out there is still using qmail: a remote codeexecution vulnerability has just been disclosed. Its CVE number isCVE-2005-1513 because, as it turns out, the problem was reported 15 yearsago but the fix was refused by the maintainer."As a proof of concept, we developed a reliable, local and remote exploitagainst Debian's qmail package in its default configuration. This proofof concept requires 4GB of disk space and 8GB of memory, and allows anattacker to execute arbitrary shell commands as any user, except root(and a few system users who do not own their home directory)."
External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments