Re: 2.99.50s17 available as tarball. SECURITY WARNING
> So one should modify as follows?:
>
> localhost 999 ftveR
> some.host.domain 999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
> \[*\] 999 ve
> * 999 veR
>
> to:
>
> localhost 999 R
> some.host.domain 999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
> \[*\] 999
> * 999 R
That "ve" -> "" could be "." to avoid an empty line.
Yes. Plus running smtpserver with the " -s . " option instead
of " -s ve ", which it likely has now. (Closes all entrances.)
> And could the vulnerability be clarified?
Very good question. How much could I tell without endangering
everybody's servers? To my knowledge I am the only one who knows
its precise nature, and I would prefer it to stay that way.
I would prefer this *not* to appear on bugtraq in the form of an exploit...
If there is demand, I can back-port the fix to older versions too.
> Thanks.
> --
> Daryle A. Tilroe |------------------------------|
> Systems Administrator | email: daryle@amc.ab.ca |
> Alberta Micro. Corp. | Web: http://www.amc.ab.ca |
/Matti Aarnio <mea@nic.funet.fi>