[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

major security bug (reported 10-May)

To: Zmailer <zmailer@nic.funet.fi>
Subject: major security bug (reported 10-May)
From: Tomasz Bojakowski <mad@pin.pl>
Date: Mon, 14 Jun 1999 15:33:45 +0000
Organization: PIN
Sender: mad@ultra.pin.pl

    Hi

Recently I've changed my zmailer from 2.99.50s11 on 2.99.50s19 - cvs
version (due to major security bug mentioned on www.zmailer.org).
Evrything seems to be fine. However one thing is still unclear form me.

--------------------------------------------------------------------
If following happens when talking to your SMTP server, then your system
is not vulnerable:

->> MAIL FROM:<"Sinead O'Connor"@domain.nam>
<<- 501 Syntax error in parameters or arguments
--------------------------------------------------------------------

Well... the thing is that when I "talk" (telnet myhost 25)  with zmailer
and type
MAIL FROM:<"Some Text"@domain.nam>
It says "Syntax OK"....

I'm sure that zmailer is not in the interactive mode.
(set options to smtpserver.conf just like on
http://www.zmailer.org/securitybug.html and turned of -sve in
/etc/zmailer.conf)
So... what is going on ?
Am I still vurneable or not ?

        Tomasz Bojakowski

--
|"Don't get mad, get even."
|Tomasz Bojakowski <--> MadKarrde / Anakata
|mad@pin.pl , mad@anakata.art.pl , mad@irc.pl
-------------------------------------------->

Prev by Date: Re: glibc 2.1 contained BSD DB 2.1 seems to leak mmap()s
Next by Date: Weird alias file parsing
Prev by thread: Re: glibc 2.1 contained BSD DB 2.1 seems to leak mmap()s
Next by thread: Weird alias file parsing
Index(es):
- Date
- Thread