Mc Security:
> Here are the line numbers for the remaining two items:
>
> 1. Buffer overflow Sourcefile: dns_rr.c, Line: 129, Module: dnsblog
False positive. Veracode does not understand how the code works.
> 2. Buffer overflow Sourcefile: tls_scache.c, Line: 208, Module: smtpd
Same thi
> On Nov 21, 2016, at 5:44 PM, Mc Security wrote:
>
> I see that there is careful memory allocation done for DNS_RR and
> TLS_SCACHE_ENTRY in dns_rr.c and tls_scache.c respectively so that buffer
> overflow is not caused. However, a confirmation would be great.
I think the correct protoco
I see that there is careful memory allocation done for DNS_RR and
TLS_SCACHE_ENTRY in dns_rr.c and tls_scache.c respectively so that
buffer overflow is not caused. However, a confirmation would be great.
On Mon, Nov 21, 2016 at 1:51 PM, Mc Security wrote:
> Here are the line numbers for the
Here are the line numbers for the remaining two items:
1. Buffer overflow Sourcefile: dns_rr.c, Line: 129, Module: dnsblog
2. Buffer overflow Sourcefile: tls_scache.c, Line: 208, Module: smtpd
Thanks,
Mc.
On Wed, Nov 16, 2016 at 9:40 PM, Mc Security wrote:
> Wietse:
>
> Thank you ver
Wietse:
Thank you very much for the response. I will look at the remaining two
items to see if they are also false positives based on the information you
provided for the other items. If I can't, I will try to get the line
numbers at least for those two.
Thanks
Mc.
On Wed, Nov 16, 2016 at 7:54
McSec:
> A Veracode scan reported the following vulnerabilities in postfix 3.0.1:
>
> vulnerability     module   source
> Buffer Over Flow  dnsblog  home/.../src/dns/dns_rr.c
> Buffer Over Flow  smtpd    home/.../src/tls/tls_scache.c
There is no line number information, t
While scanners are a great tool, blindly taking their results as
unquestionably true can lead to disasters. The Debian SSL keys
generation disaster is proof of that.
On 16/11/16 13:38, McSec wrote:
A Veracode scan reported the following vulnerabilities in postfix 3.0.1:
vulnerabilit
On 16 Nov 2016, at 10:38, McSec wrote:
A Veracode scan reported the following vulnerabilities in postfix
3.0.1:
Just curious: why bother with analyzing an obsolete version? Latest
releases are 3.1.3 and 3.0.7.
Also, have you read the release notes for 3.0.{2..7}?
vulnerabilities or false positives?
Thanks
Mc.
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Veracode-reported-vulnerabilities-tp87320.html
Sent from the Postfix Users mailing list archive at Nabble.com.