The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an malicious user to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mailscanner mailscanner 4.79.11-2 |