[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

major security bug (reported 10-May)


Recently I've changed my zmailer from 2.99.50s11 on 2.99.50s19 - cvs
version (due to major security bug mentioned on www.zmailer.org).
Evrything seems to be fine. However one thing is still unclear form me.

If following happens when talking to your SMTP server, then your system
is not vulnerable:

->> MAIL FROM:<"Sinead O'Connor"@domain.nam>
<<- 501 Syntax error in parameters or arguments

Well... the thing is that when I "talk" (telnet myhost 25)  with zmailer
and type
MAIL FROM:<"Some Text"@domain.nam>
It says "Syntax OK"....

I'm sure that zmailer is not in the interactive mode.
(set options to smtpserver.conf just like on
http://www.zmailer.org/securitybug.html and turned of -sve in
So... what is going on ?
Am I still vurneable or not ?

        Tomasz Bojakowski

|"Don't get mad, get even."
|Tomasz Bojakowski <--> MadKarrde / Anakata
|mad@pin.pl , mad@anakata.art.pl , mad@irc.pl