Re: Qmail passing sendmail vulnerability downstream
From: Joerg Over (over@dexia.de)
Date: 03/11/03
- Previous message: Jacob: "RE: Firewall recommendations?"
- In reply to: Tim Thornton: "Qmail passing sendmail vulnerability downstream"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 11 Mar 2003 20:58:29 +0100 To: security-basics@securityfocus.com From: Joerg Over <over@dexia.de>
Am 19:12 10.03.03 -0000 teilte Tim Thornton mir folgendes mit:
-> I understand that Qmail is not vulnerable to the
->recent Sendmail issue, but I want to know if Qmail will
->still forward the sendmail vulnerability "modified
->oversized header" downstream to other MTA's, thus
->leaving downstream sendmail servers open to the
->vulnerability.
Dunno if that helps, but postfix with latest version 2.0.6 doesn't anymore
(2.0.5 did).
Id wager that qmail does forward the header, and will so unless someone
provides a patch and you use it, but different from my statement about
postfix that's speculation.
hth, jo
-- +-------------------------------------------------------------------+ | __ __ __ __ _ _ just another pointless signature | | / _ \ V / -_) '_/ | | \___/\_/\___|_| | +-------------------------------------------------------------------+
- Previous message: Jacob: "RE: Firewall recommendations?"
- In reply to: Tim Thornton: "Qmail passing sendmail vulnerability downstream"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
