Info

Disclosure

Nov 05, 2002

Discovery

Unknown

Dates

Exploit

Nov 05, 2002

Solution

Unknown

Description

Conectiva linuxconf contains a flaw that may allow a remote attacker to send e-mail without authenticating (ie: "spam"). The problem is that linuxconf utility generates the sendmail configuration file (sendmail.cf) with options that configures sendmail to run as an open mail relay.

Classification

Location: Remote/Network Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.29r1 or higher or apply the appropriate patches from Conectiva, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Jacques Gelinas	linuxconf	1.2.4 r2
		1.2.5 r3

References

ISS X-Force ID: 10554
CVE ID: 2002-1278 (see also: NVD)
Bugtraq ID: 6118
Vendor Specific Advisory URL: http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=6597
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000544
Vendor URL: http://www.solucorp.qc.ca/linuxconf/

Credit

Ademar de Souza Reis Jr. - ademarconectiva.com.br -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Jacques Gelinas

linuxconf

References

Credit