Re: 2.99.50s17 available as tarball. SECURITY WARNING
- To: bob@ecf.utoronto.ca (Bob Manson)
- Subject: Re: 2.99.50s17 available as tarball. SECURITY WARNING
- From: Matti Aarnio <mea@nic.funet.fi>
- Date: Wed, 12 May 1999 02:16:31 +0300 (EET DST)
- Cc: zmailer@nic.funet.fi
- In-Reply-To: <Pine.SGI.3.96.990511091730.2338B-100000@skule.ecf> from "Bob Manson" at May 11, 99 09:19:33 am
> We are running an ancient version of zmailer (2.2.e6) that doesn't use a
> smtpserver.conf file. Any suggestions?
I am not quite sure what your followup meant, but...

The entire "epsilon" series contains the same problem as the original 2.2.1.
Also, all versions of ZMailer share a common part in the style flags
handling, at the '-s' option, and in a possible smtpserver.conf file.

Therefore yes, your version is vulnerable, and the "band-aid" is
already described here. (Remove or replace with e.g. "." any instance
of the characters 'f', 't', 'v', 'e' in those style flags.)

I did spot and poorly fix it years ago only to learn a few weeks ago
that I didn't do a good job. :-/ Our friend \nick said roughly: "I
spotted it long ago too (at 2.2.1?), and fixed it independently, but
that fix product is a brain bender in its own."

My fixed fix is a clean one, no need for Aspirin/Advil/whatnot..
> thanks,
> bob
> Bob Manson Phone (416)978-5898
> Systems Administrator, ECF Fax (416)978-7320
> University of Toronto email bob@ecf.utoronto.ca
> Toronto, Canada M5S 1A4 or bob@ecf.toronto.edu
/Matti Aarnio <mea@nic.funet.fi>