Hi Jim, On Wed, 16 Jun 2004 16:13:47 -0400 UTC (6/16/2004, 3:13 PM -0500 UTC my time), Jim Trigg wrote:
J> Postfix and Exim. I found no security advisories for either on the CERT J> website; that actually covers their entire lifecycles. Postfix: Actually IIRC, there were two, but could only find one in a short time of checking. Postfix versions before 1.1.12 allow an attacker to bounce-scan private networks, or use the daemon as a DDoS tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and receiving either a bounce message or by analyzing timing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0468 to this issue. Postfix versions from 1.1 up to and including 1.1.12 have a bug where a remote attacker could send a malformed envelope address and: also http://www.net-security.org/advisory.php?id=2327 EXIM http://www.guninski.com/exim1.html or http://www.icetalk.com/Exim-N2588.html same as http://secunia.com/advisories/11558/ and http://www.spinics.net/lists/security/msg01343.html -- Gary Chaos, panic, pandemonium - my work here is done. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"