PT-2019-6553 · Mailscanner · Mailscanner

Raphael Geissert · Published 2019-11-12 · Updated 2019-11-15 · CVE-2010-3292

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: mailscanner version 4.79.11-2

Description: The issue concerns the update{_bad,}_phishing_sites scripts in mailscanner, which download files without using encryption or digital signature checking. This could allow an attacker to replace certain configuration files, such as the phishing whitelist, via DNS or packet spoofing.

Recommendations: For mailscanner version 4.79.11-2, consider disabling the update{_bad,}_phishing_sites scripts until a secure update mechanism is implemented to prevent potential exploitation. Restrict access to configuration files to minimize the risk of unauthorized modifications.

Fix

Missing Encryption of Sensitive Data


Weakness Enumeration

Related identifiers

CVE-2010-3292

Affected products

Mailscanner