Posted: Thu Sep 27, 2012 1:26 pm
Post subject: [ GLSA 201209-18 ] Postfixadmin: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Postfixadmin: Multiple vulnerabilities (GLSA 201209-18)
Date: September 27, 2012
Multiple vulnerabilities have been found in Postfixadmin which may
lead to SQL injection or cross-site scripting attacks.
Postfixadmin is a web-based management tool for Postfix-style virtual
domains and users.
Vulnerable: < 2.3.5
Unaffected: >= 2.3.5
Architectures: All supported architectures
Multiple SQL injection vulnerabilities (CVE-2012-0811) and cross-site
scripting vulnerabilities (CVE-2012-0812) have been found in
A remote attacker could exploit these vulnerabilities to execute
arbitrary SQL statements or arbitrary HTML and script code.
There is no known workaround at this time.
All Postfixadmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/postfixadmin-2.3.5"
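
To confirm which hosts still fall in the advisory's vulnerable range (< 2.3.5), the following added example (not part of the GLSA or of Portage) classifies installed www-apps/postfixadmin versions, treating -rN revisions and pre-release suffixes the way Gentoo orders them. The function names are hypothetical; it assumes the Portage package database is at /var/db/pkg and that version components are dotted numbers.

```shell
#!/bin/sh
# Added example: audit installed www-apps/postfixadmin against GLSA 201209-18.
FIXED=2.3.5   # first unaffected version, taken from the advisory

# Succeeds if dotted numeric version $1 is lower than $2.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print "vulnerable" or "unaffected" for one Gentoo version string.
pfa_version_status() {
    ver=${1%-r[0-9]*}      # a -rN ebuild revision keeps the upstream version
    base=${ver%%_*}        # numeric part before any _alpha/_beta/_pre/_rc/_p
    suffix=${ver#"$base"}
    if [ "$base" = "$FIXED" ]; then
        case $suffix in    # pre-releases of 2.3.5 sort below the release
            _alpha*|_beta*|_pre*|_rc*) echo vulnerable ;;
            *) echo unaffected ;;
        esac
    elif ver_lt "$base" "$FIXED"; then echo vulnerable
    else echo unaffected
    fi
}

# List installed versions found in the package database ($1, assumed default).
pfa_installed_versions() {
    for d in "${1:-/var/db/pkg}"/www-apps/postfixadmin-[0-9]*; do
        [ -d "$d" ] || continue
        echo "${d##*/postfixadmin-}"
    done
}

# Report every installed version; return 1 if any is in the vulnerable range.
pfa_audit() {
    rc=0
    for v in $(pfa_installed_versions "$1"); do
        s=$(pfa_version_status "$v")
        echo "www-apps/postfixadmin-$v: $s"
        if [ "$s" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

pfa_audit "$@" || echo "upgrade to >=www-apps/postfixadmin-$FIXED required"
```

A non-zero return from pfa_audit can drive a monitoring check; the first argument overrides the database path, for example when auditing a mounted image.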