Security Basics mailing list archives
Re: Qmail passing sendmail vulnerability downstream
From: Joerg Over <over () dexia de>
Date: Tue, 11 Mar 2003 20:58:29 +0100
Am 19:12 10.03.03 -0000 teilte Tim Thornton mir folgendes mit: -> I understand that Qmail is not vulnerable to the ->recent Sendmail issue, but I want to know if Qmail will ->still forward the sendmail vulnerability "modified ->oversized header" downstream to other MTA's, thus ->leaving downstream sendmail servers open to the ->vulnerability. Dunno if that helps, but postfix with latest version 2.0.6 doesn't anymore (2.0.5 did). Id wager that qmail does forward the header, and will so unless someone provides a patch and you use it, but different from my statement about postfix that's speculation. hth, jo -- +-------------------------------------------------------------------+ | __ __ __ __ _ _ just another pointless signature | | / _ \ V / -_) '_/ | | \___/\_/\___|_| | +-------------------------------------------------------------------+
Current thread:
- Qmail passing sendmail vulnerability downstream Tim Thornton (Mar 11)
- Re: Qmail passing sendmail vulnerability downstream Bennett Todd (Mar 12)
- R: Qmail passing sendmail vulnerability downstream NewCOM Service Care (Mar 13)
- Re: Qmail passing sendmail vulnerability downstream Joerg Over (Mar 12)
- Re: Qmail passing sendmail vulnerability downstream Bennett Todd (Mar 12)