Re: Qmail passing sendmail vulnerability downstream

From: Joerg Over (over@dexia.de)
Date: 03/11/03

  • Next message: David Gillett: "RE: Justifying the spend on a vulnerability scanner"
    Date: Tue, 11 Mar 2003 20:58:29 +0100
    To: security-basics@securityfocus.com
    From: Joerg Over <over@dexia.de>
    
    

    Am 19:12 10.03.03 -0000 teilte Tim Thornton mir folgendes mit:

    -> I understand that Qmail is not vulnerable to the
    ->recent Sendmail issue, but I want to know if Qmail will
    ->still forward the sendmail vulnerability "modified
    ->oversized header" downstream to other MTA's, thus
    ->leaving downstream sendmail servers open to the
    ->vulnerability.

    Dunno if that helps, but postfix with latest version 2.0.6 doesn't anymore
    (2.0.5 did).

    Id wager that qmail does forward the header, and will so unless someone
    provides a patch and you use it, but different from my statement about
    postfix that's speculation.

    hth, jo

    -- 
    +-------------------------------------------------------------------+
    |  __ __ __ __ _ _          just another pointless signature        |
    | / _ \ V / -_) '_/                                                 |
    | \___/\_/\___|_|                                                   |
    +-------------------------------------------------------------------+
    

  • Next message: David Gillett: "RE: Justifying the spend on a vulnerability scanner"