Linuxconf恶意模块邮件转发漏洞

漏洞信息详情

Linuxconf恶意模块邮件转发漏洞

• CNNVD编号：CNNVD-200211-028
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1278
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2002-11-12
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-13
  
• 厂        商：
  
  jacques_gelinas
• 漏洞来源：
  Vulnerability anno…

Conectiva Linux 6.0至8版本及可能其他发布版本上的Linuxconf 1.24和其他1.28之前版本的mailconf模块配置Sendmail为开放邮件转发形式，生成Sendmail配置文件(sendmail.cf)。远程攻击者可以利用该漏洞发送Spam邮件。

Conectiva has released a security advisory containing fixes.
Fixes are available:
Jacques Gelinas Linuxconf 1.2.4 r2

• Conectiva linuxconf-1.24r2-6U60_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/linuxconf-1.24r2-6U60_1c
  l.src.rpm
• Conectiva linuxconf-mailconf-1.24r2-6U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/linuxconf-mailconf-1.24r2
  -6U60_1cl.i386.rpm

Jacques Gelinas Linuxconf 1.2.5 r3

• Conectiva linuxconf-1.25r3-27U70_2cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/linuxconf-1.25r3-27U70_2
  cl.src.rpm
• Conectiva linuxconf-1.25r3-39U80_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/linuxconf-1.25r3-39U80_1cl
  .src.rpm
• Conectiva linuxconf-mailconf-1.25r3-27U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/linuxconf-mailconf-1.25r3
  -27U70_2cl.i386.rpm
• Conectiva linuxconf-mailconf-1.25r3-39U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/linuxconf-mailconf-1.25r3-3
  9U80_1cl.i386.rpm

来源: XF
名称: linuxconf-sendmail-mail-relay(10554)
链接:http://www.iss.net/security_center/static/10554.php

来源: BID
名称: 6118
链接:http://www.securityfocus.com/bid/6118

来源: OSVDB
名称: 6066
链接:http://www.osvdb.org/6066

来源: CONECTIVA
名称: CLA-2002:544
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544