Candidate: CVE-2008-5313
PublicDate: 2008-12-03 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
Description:
 mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local
 users to overwrite arbitrary files via a symlink attack on certain
 temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate,
 (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in
 /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6)
 kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in
 /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11)
 MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in
 /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15)
 scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp
 configuration file.
Ubuntu-Description:
Notes:
 kees> same as CVE-2008-5312?
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_mailscanner:
upstream_mailscanner: released (4.74.16-1)
dapper_mailscanner: ignored (reached end-of-life)
gutsy_mailscanner: needs-triage (reached end-of-life)
hardy_mailscanner: ignored (reached end-of-life)
intrepid_mailscanner: needs-triage (reached end-of-life)
jaunty_mailscanner: not-affected (4.74.16-1)
karmic_mailscanner: not-affected
lucid_mailscanner: not-affected
maverick_mailscanner: not-affected
natty_mailscanner: not-affected
oneiric_mailscanner: DNE
devel_mailscanner: DNE