Enemies of Carlotta is a simple mailing list manager.

Enemies of Carlotta has a vulnerability in its handling of user-supplied parameters that an attacker may exploit to execute arbitrary commands on the user's machine.

Enemies of Carlotta does not properly sanitize SMTP-level e-mail addresses before they are used as shell arguments to other applications, which allows a remote attacker to embed shell metacharacters in an e-mail address and have arbitrary commands executed.

Lars Wirzenius Enemies of Carlotta 1.2.3

Debian has issued a security advisory (DSA-1236-1) for this issue, together with the corresponding patches:

DSA-1236-1: New enemies-of-carlotta package fix missing sanity checks
Link: <a href="http://www.debian.org/security/2005/dsa-1236" target="_blank">http://www.debian.org/security/2005/dsa-1236</a>

Patch downloads:

Source archives:

<a href="http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3.orig.tar.gz" target="_blank">http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3.orig.tar.gz</a>
Size/MD5 checksum: 50970 c128776396562ef1c678e438422d11fb
<a href="http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc" target="_blank">http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc</a>
Size/MD5 checksum: 615 15c19c6a0ba8b3350f7ada9074713d12
<a href="http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.diff.gz" target="_blank">http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.diff.gz</a>
Size/MD5 checksum: 3587 c5e36788f3e1375c1f97533f1692de4a

Architecture independent packages:

<a href="http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1_all.deb" target="_blank">http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1_all.deb</a>
Size/MD5 checksum: 42722 d78136bff713315256626eec51521c83

Patch installation:

1. Install the patch package manually:

First, download the patch package with the following command:
# wget url (url is the patch download link)

Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch)

2. Install the patch package automatically with apt-get:

First, update the internal database with the following command:
# apt-get update

Then install the updated packages with the following command:
# apt-get upgrade

Lars Wirzenius
--------------
The vendor has released an upgrade that fixes this security issue. Download it from the vendor's home page:

<a href="http://liw.iki.fi/liw/eoc/enemies-of-carlotta-1.2.4.tar.gz" target="_blank">http://liw.iki.fi/liw/eoc/enemies-of-carlotta-1.2.4.tar.gz</a>
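
The kind of sanity check the advisory says was missing, as an added example; this is not code from Enemies of Carlotta or from the Debian patch. It validates SMTP envelope addresses against an allow-list and hands them to a helper program as separate argv elements with no shell involved. The helper interface (`-f SENDER RCPT...`), the function names and the sample addresses are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Allow-list for an SMTP envelope address. Assumption: deliberately stricter
# than RFC 5321; no character in either class has a meaning to a shell.
_ADDR_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._+=-]{0,63}"
    r"@[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?"
)

# Constructed sample addresses (not taken from the advisory).
SAMPLES = [
    "alice@example.org",
    "list-subscribe+bob=example.net@example.org",
    "alice@example.org;id",
    "`id`@example.org",
    "-oProbe@example.org",
]


def is_safe_address(addr: str) -> bool:
    """True only for addresses that match the allow-list in full."""
    return _ADDR_RE.fullmatch(addr) is not None and ".." not in addr


def build_argv(helper: list[str], sender: str, recipients: list[str]) -> list[str]:
    """Argument vector for a hypothetical helper taking -f SENDER RCPT..."""
    for addr in [sender, *recipients]:
        if not is_safe_address(addr):
            raise ValueError(f"rejected envelope address: {addr!r}")
    # "--" ends option parsing, so no address can be read as a flag.
    return [*helper, "-f", sender, "--", *recipients]


def run_helper(helper: list[str], sender: str, recipients: list[str], message: bytes) -> bytes:
    """Run the helper with no shell: each address stays one argv element."""
    argv = build_argv(helper, sender, recipients)
    return subprocess.run(argv, input=message, capture_output=True, check=True).stdout


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} accepted={is_safe_address(sample)}")
```

Rejecting at the SMTP stage and avoiding the shell are independent layers: either one alone stops metacharacters from being interpreted, and together they also cover addresses that begin with `-`.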