procmail
[Top] [All Lists]

Re: SpamDunk Project spamfilter July 4 update

1998-07-07 10:14:50
        Author: Jacques Gauthier <jacques_g(_at_)yahoo(_dot_)com>
        Date:   Mon, 6 Jul 1998 12:49:21 -0700 (PDT)
        ID:     
<19980706194922(_dot_)29296(_dot_)rocketmail(_at_)send1d(_dot_)yahoomail(_dot_)com>

What security hole ? Does earlier versions have the
same security hole ?

I believe this hole is when the HELO prompt is followed by a lot of  
characters and causes a buffer overflow which prevents the hostname/ip from  
being logged.

Sendmail 8.9 was the first to solve this problem.  See the release notes for  
more information

TjL

ps -- 8.9.1 was just released

<Prev in Thread] Current Thread [Next in Thread>