
Re: Header re-write



Marco Hernandez <marco@yukon.cren.org> writes:
> If you don't want to "divulge"
> holes to the list, then let the developer know your thought.... 

I did report these problems to Matti quite some time ago.  Last I
heard, he had fixed many instances of the problem in his sources but
wasn't able to find all such instances.  The nature of the bug is such
that the system administrator can easily and inadvertently create new
instances of the hole in the process of installing and maintaining
Zmailer.

A proper fix would require incompatibly replacing a core component of
Zmailer.  The scope of the bug is that an attacker can cause the
Zmailer subsystem to execute fairly arbitrary commands.

Janus reportedly runs Zmailer in a restricted environment, so its
vulnerability to Zmailer bugs would seem to be limited.