Test ID:	1.3.6.1.4.1.25623.1.0.54116
Category:	SuSE Local Security Checks
Title:	SuSE Security Advisory SUSE-SA:2003:0012 (hypermail)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory SUSE-SA:2003:0012. Hypermail is a tool to convert a Unix mail-box file to a set of cross- referenced HTML documents. During an internal source code review done by Thomas Biege several bugs where found in hypermail and its tools. These bugs allow remote code execution, local tmp race conditions, denial-of-service conditions and read access to files belonging to the host hypermail is running on. Additionally the mail CGI program can be abused by spammers as email- relay and should thus be disabled. There is no temporary fix known other then disabling hypermail. Please download and install the new packages from our FTP servers. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2003:0012 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0025 BugTraq ID: 6559 http://www.securityfocus.com/bid/6559 Bugtraq: 20030108 IMP 2.x SQL injection vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=104204786206563&w=2 Bugtraq: 20030108 Re: IMP 2.x SQL injection vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/306268 Debian Security Information: DSA-229 (Google Search) http://www.debian.org/security/2003/dsa-229 http://www.securitytracker.com/id?1005904 http://secunia.com/advisories/8087 http://secunia.com/advisories/8177 SuSE Security Announcement: SuSE-SA:2003:0008 (Google Search)
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.