131145 : [DSA1501] DSA-1501-1 Dspam

Risk 2 : Debian Local Checks

Tobias Gr&uuml tzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line. This allowed a local attacker to read the contents of the dspam database, such as emails. The old stable distribution (sarge) does not contain the dspam package. For the stable distribution (etch), this problem has been fixed in version 3.6.8-5etch1.

Solution:
The Debian project recommends that you upgrade your dspam package.
References:
CVSS Information:
Low Attack Complexity, Partial Confidentiality Impact
Credit:
Tenable : 2009-12-04
New Search
Keywords
Risk Factor
Start Date
End Date
Browse