Security vulnerability in the patch packaging for NetMail 3.5.2.

  • 10098022
  • NOVL102449
  • 17-Jun-2005
  • 17-Jun-2005

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Fact

Novell NetMail 3.5.2

Symptom

Security vulnerability in the patch packaging for NetMail 3.5.2.

This vulnerability affected the 3.5.2a, 3.5.2b, and 3.5.2c releases of NetMail.

Cause

Files in the Linux distribution of the NetMail 3.52a, 3.52b and 3.52c patches had the owner ID and group ID set to 500. If these patches are installed on a system where user ID 500 exists or where users belong to group ID 500, these users could delete or replace the netmail binaries.

Symptom

This is CAN-2005-1976.

Fix

This problem has been resolved with the release of NetMail 3.5.2c1.  Although the problem only existed for the Linux binaries, Novell has released NetMail 3.5.2c1 for all platforms to ensure version consistency between platforms.  If you have already applied NetMail 3.5.2c for NetWare or Windows, you do NOT need to update to NetMail 3.5.2c1.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.