Date: Wed, 16 Jun 2004 15:32:48 -0500 From: Gary <gv-list-freebsdquestions@mygirlfriday.info> To: Jim Trigg <freebsd-questions@freebsd.org> Subject: Re[2]: Mail Message-ID: <786347175.20040616153248@mygirlfriday.info> In-Reply-To: <20040616201347.GB29666@spamcop.net> References: <40D023A1.8090009@cs.uiowa.edu> <20040616140305.GD32001@millerlite.local.mark-and-erika.com> <20040616145305.GB15913@ei.bzerk.org> <40D081D1.1060606@mac.com> <16592.38955.399680.399710@jerusalem.litteratus.org> <20040616201347.GB29666@spamcop.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Jim,
On Wed, 16 Jun 2004 16:13:47 -0400 UTC (6/16/2004, 3:13 PM -0500 UTC my
time), Jim Trigg wrote:
J> Postfix and Exim. I found no security advisories for either on the CERT
J> website; that actually covers their entire lifecycles.
Postfix: Actually IIRC, there were two, but could only find one in a short
time of checking.
Postfix versions before 1.1.12 allow an attacker to bounce-scan private
networks, or use the daemon as a DDoS tool by forcing the daemon to connect
to an arbitrary service at an arbitrary IP address and receiving either a
bounce message or by analyzing timing. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0468 to
this issue.
Postfix versions from 1.1 up to and including 1.1.12 have a bug where a
remote attacker could send a malformed envelope address and:
also
http://www.net-security.org/advisory.php?id=2327
EXIM
http://www.guninski.com/exim1.html
or http://www.icetalk.com/Exim-N2588.html same as http://secunia.com/advisories/11558/
and http://www.spinics.net/lists/security/msg01343.html
--
Gary
Chaos, panic, pandemonium - my work here is done.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?786347175.20040616153248>