[dspam] [CVE-2007-6418] programming error leading to information disclosure
Bug #195691 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dspam (Debian) |
Fix Released
|
Unknown
|
|||
| dspam (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Dapper |
Fix Released
|
Medium
|
Daniel Hahler | ||
| Edgy |
Fix Released
|
Medium
|
Daniel Hahler | ||
| Feisty |
Fix Released
|
Medium
|
Daniel Hahler | ||
| Gutsy |
Fix Released
|
Medium
|
Daniel Hahler | ||
Bug Description
References:
DSA-1501-1 (http://
Quoting:
"Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam,
a statistical spam filter, included a database password on the command line
when using the MySQL backend. This allowed a local attacker to read the
contents of the dspam database, such as emails."
CVE References
| Changed in dspam: | |
| status: | Unknown → Fix Released |
Revision history for this message
| Daniel Hahler (blueyed) wrote | #1 |
| Changed in dspam: | |
| importance: | Undecided → High |
| status: | New → Triaged |
| Changed in dspam: | |
| assignee: | nobody → blueyed |
| importance: | Undecided → High |
| status: | New → In Progress |
| assignee: | nobody → blueyed |
| importance: | Undecided → High |
| status: | New → In Progress |
| assignee: | nobody → blueyed |
| importance: | Undecided → High |
| status: | New → In Progress |
| assignee: | nobody → blueyed |
| importance: | Undecided → High |
| status: | New → In Progress |
| status: | Triaged → Fix Released |
| Changed in dspam: | |
| assignee: | blueyed → nobody |
| status: | In Progress → Triaged |
| assignee: | blueyed → nobody |
| status: | In Progress → Triaged |
| assignee: | blueyed → nobody |
| status: | In Progress → Triaged |
| assignee: | blueyed → nobody |
| status: | In Progress → Triaged |
| importance: | High → Medium |
| importance: | High → Medium |
| Changed in dspam: | |
| importance: | High → Medium |
| importance: | High → Medium |
| importance: | High → Medium |
Revision history for this message
| Daniel Hahler (blueyed) wrote | #6 |
| Changed in dspam: | |
| assignee: | nobody → blueyed |
| status: | Triaged → In Progress |
| status: | Triaged → In Progress |
| assignee: | nobody → blueyed |
| status: | Triaged → In Progress |
| assignee: | nobody → blueyed |
| status: | Triaged → In Progress |
| assignee: | nobody → blueyed |
| Changed in dspam: | |
| status: | In Progress → Triaged |
| status: | In Progress → Triaged |
| status: | In Progress → Triaged |
| status: | In Progress → Triaged |
Revision history for this message
| Daniel Hahler (blueyed) wrote | #7 |
Revision history for this message
| Daniel Hahler (blueyed) wrote | #8 |
Revision history for this message
| Daniel Hahler (blueyed) wrote | #9 |
Revision history for this message
| Daniel Hahler (blueyed) wrote | #10 |
| Changed in dspam: | |
| assignee: | blueyed → nobody |
| status: | Triaged → In Progress |
| assignee: | blueyed → nobody |
| status: | Triaged → In Progress |
| assignee: | blueyed → nobody |
| status: | Triaged → In Progress |
| assignee: | blueyed → nobody |
| status: | Triaged → In Progress |
Revision history for this message
| Kees Cook (kees) wrote | #11 |
| Changed in dspam: | |
| assignee: | nobody → blueyed |
| status: | In Progress → Fix Committed |
| assignee: | nobody → blueyed |
| status: | In Progress → Fix Committed |
| assignee: | nobody → blueyed |
| status: | In Progress → Fix Committed |
| assignee: | nobody → blueyed |
| status: | In Progress → Fix Committed |
| Changed in dspam: | |
| status: | Fix Committed → Fix Released |
| status: | Fix Committed → Fix Released |
| status: | Fix Committed → Fix Released |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is fixed in dspam 3.6.8-5.1, therefore Dapper, Edgy, Feisty and Gutsy are affected.