Security Basics mailing list archives

Re: Qmail passing sendmail vulnerability downstream

From: Joerg Over <over () dexia de>
Date: Tue, 11 Mar 2003 20:58:29 +0100

Am 19:12 10.03.03 -0000 teilte Tim Thornton mir folgendes mit:

->  I understand that Qmail is not vulnerable to the
->recent Sendmail issue, but I want to know if Qmail will
->still forward the sendmail vulnerability "modified
->oversized header" downstream to other MTA's, thus
->leaving downstream sendmail servers open to the
->vulnerability.

Dunno if that helps, but postfix with latest version 2.0.6 doesn't anymore
(2.0.5 did).

Id wager that qmail does forward the header, and will so unless someone
provides a patch and you use it, but different from my statement about
postfix that's speculation.

hth, jo
-- 
+-------------------------------------------------------------------+
|  __ __ __ __ _ _          just another pointless signature        |
| / _ \ V / -_) '_/                                                 |
| \___/\_/\___|_|                                                   |
+-------------------------------------------------------------------+

Current thread:

Qmail passing sendmail vulnerability downstream Tim Thornton (Mar 11)
- Re: Qmail passing sendmail vulnerability downstream Bennett Todd (Mar 12)
  - R: Qmail passing sendmail vulnerability downstream NewCOM Service Care (Mar 13)
- Re: Qmail passing sendmail vulnerability downstream Joerg Over (Mar 12)