Perl::Mailtools vulnerability

Richard_Massa · November 15, 2002, 5:26pm

Question:

Does the recent Perl::MailTools vulnerability (http://online.securityfocus.com/advisories/4631) affect RT? Should it be fine to upgrade to the latest version
1.51?

Thanks,
Richard

THERE IS ALMOST NO LEGAL, HIGH QUALITY CONTENT AVAILABLE ON THE INTERNET.
-Sen. Ernest Hollings D-S.C.

Phil_Homewood2 · November 16, 2002, 12:31am

Richard Massa wrote:

Does the recent Perl::MailTools vulnerability
(http://online.securityfocus.com/advisories/4631) affect RT? Should it
be fine to upgrade to the latest version 1.51?

Upgrading should not affect RT. The vulnerability is in
Mail::Mailer; RT does not use Mail::Mailer itself as far
as I can see. (In fact, it appears that the only part
of the MailTools suite it uses is Mail::Address, which
does not use Mail::Mailer.)

Some contrib scripts (eg, “nag”) might be affected,
however I suspect an exploit via “nag” at least would
be rather difficult.
Phil Homewood, Systems Janitor, www.SnapGear.com
pdh@snapgear.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
SnapGear - Custom Embedded Solutions and Security Appliances