Bugtraq mailing list archives
Gld 1.5 released (security fix)
From: Salim Gasmi <salim () gasmi net>
Date: 13 Apr 2005 17:47:36 -0000
In-Reply-To: <20050412004111.562AC7A890E () ws4-4 us4 outblaze com> Hi, gld 1.5 has been released today . This version fixes the issues and add new features . You can download it here : http://www.gasmi.net/down/gld-1.5.tgz Note about the exploit released: To be effective, the exploit needs to connect via TCP to gld. Normally, gld listen only to loopback interface (default option) and thus disable the exploit. In the rare cases, where gld listen on a real network interface (in case where gld server is on a different host than smtp servers) it must be configured to only accept trusted smtp servers to connect to and of course not everybody, this of course disable the exploit too. Finally, by default gld run as nobody, and thus, no root access should be directly possible via gld . Best regards, Salim
Current thread:
- Gld 1.5 released (security fix) Salim Gasmi (Apr 13)