Rapid7 Vulnerability & Exploit Database

SUSE-SA:2002:041: perl-MailTools

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2002:041: perl-MailTools

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

11/12/2002

Created

07/25/2018

Added

11/08/2005

Modified

11/18/2015

Description

The SUSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body. Vulnerable to this attack are custom auto reply programs or spam filters which use Mail::Mailer directly or indirectly.

The MD5 sums of the previous Announcement with ID SUSE-SA:2002:041 have been wrong. They have been corrected and the Date field in the header has been updated to reflect this.

Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.

Solution(s)

References

SUSE-SA:2002:041
http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;