Re: qmail 2.0 exploit

2001-03-04 Thread Charles Cazabon
skyper <[EMAIL PROTECTED]> wrote: > im new to the list...just read the topic. Not well enough, evidently. > someone gimme infos about this exploit. There isn't one. It was a hypothetical argument. Charles -- --- Charles Caza

Re: qmail 2.0 exploit

2001-03-04 Thread Peter van Dijk
On Sun, Mar 04, 2001 at 12:48:01PM +, skyper wrote: [snip] > > hi. > im new to the list...just read the topic. > someone gimme infos about this exploit. There is no exploit. > which part of the source is vulnerable ? None. > which file ? line ? None. None. > any fix ? None necessary.

Re: qmail 2.0 exploit

2001-03-04 Thread skyper
On Sun, Mar 04, 2001 at 07:14:59PM +1100, Brett Randall wrote: > On 02 Mar 2001, [EMAIL PROTECTED] wrote: > > > Dan could fix this by releasing qmail-1.03.1 with different > > installation instructions. Of course, if he did, some people would > > take that to be an admission that there actually

RE: qmail 2.0 exploit

2001-03-04 Thread David Coley
EMAIL PROTECTED] Subject: Re: qmail 2.0 exploit On 02 Mar 2001, [EMAIL PROTECTED] wrote: > Dan could fix this by releasing qmail-1.03.1 with different > installation instructions. Of course, if he did, some people would > take that to be an admission that there actually is a security ho

Re: qmail 2.0 exploit

2001-03-03 Thread Brett Randall
On 02 Mar 2001, [EMAIL PROTECTED] wrote: > Dan could fix this by releasing qmail-1.03.1 with different > installation instructions. Of course, if he did, some people would > take that to be an admission that there actually is a security hole in > qmail-1.03. Who cares what other people think? I

Re: qmail 2.0 exploit

2001-03-02 Thread Ian Lance Taylor
David Dyer-Bennet <[EMAIL PROTECTED]> writes: > Ian Lance Taylor <[EMAIL PROTECTED]> writes: > > > Obviously there isn't anything wrong with qmail. And obviously these > > bug reports are highly misleading in implying that there is a bug > > which needs to be fixed in qmail. But I do think tha

Re: qmail 2.0 exploit

2001-03-02 Thread Ian Lance Taylor
"Jason Brooke" <[EMAIL PROTECTED]> writes: > That's all well and good though, until your comment about tcpserver not > preventing this DOS. If this is true then I have to withdraw. > > I run qmail under tcpserver on variety of slackware 7.1 installs and and a > couple of slackware 4.0 installs,

Re: qmail 2.0 exploit

2001-03-02 Thread David Dyer-Bennet
Ian Lance Taylor <[EMAIL PROTECTED]> writes: > Obviously there isn't anything wrong with qmail. And obviously these > bug reports are highly misleading in implying that there is a bug > which needs to be fixed in qmail. But I do think that the bug reports > have a point: if you install qmail-1.

Re: qmail 2.0 exploit

2001-03-02 Thread Jason Brooke
s :) jason - Original Message - From: "Ian Lance Taylor" <[EMAIL PROTECTED]> To: "Jason Brooke" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, March 02, 2001 6:01 PM Subject: Re: qmail 2.0 exploit > I would say that that is a mere

Re: qmail 2.0 exploit

2001-03-01 Thread Ian Lance Taylor
"Jason Brooke" <[EMAIL PROTECTED]> writes: > > If you run qmail-smtpd directly from inetd.conf, as suggested in the > > INSTALL file distributed with qmail-1.03, then there is a pretty good > > chance that the instance of qmail-smtpd being attacked will grow to > > eat of all of memory. What hap

Re: qmail 2.0 exploit

2001-03-01 Thread Jason Brooke
From: "Ian Lance Taylor" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 01, 2001 2:59 PM Subject: Re: qmail 2.0 exploit > Peter Cavender <[EMAIL PROTECTED]> writes: > > > What is this qmail version 2.0 that securityfocus.com claims

Re: qmail 2.0 exploit

2001-03-01 Thread Jason Brooke
I get the feeling this would've already been well and truly covered on this list, but just out of curiosity I tried it anyway. On slackware 7.1 installed in vmware under win2k pro and slackware 7.1 on 2 other 'real' machines, all it did was chew cpu and cause qmail-smtpd to chew some cpu as well.

Re: qmail 2.0 exploit

2001-02-28 Thread Vince Vielhaber
On Wed, 28 Feb 2001, Peter Cavender wrote: > What is this qmail version 2.0 that securityfocus.com claims there is an > explot for? Am I missing something, or are they? > > Being that I have better things to do than to try to screw up my mail > server, has anyone tried this claimed explot? What

Re: qmail 2.0 exploit

2001-02-28 Thread Ian Lance Taylor
Peter Cavender <[EMAIL PROTECTED]> writes: > What is this qmail version 2.0 that securityfocus.com claims there is an > explot for? Am I missing something, or are they? > > Being that I have better things to do than to try to screw up my mail > server, has anyone tried this claimed explot? Wha

qmail 2.0 exploit

2001-02-28 Thread Peter Cavender
What is this qmail version 2.0 that securityfocus.com claims there is an explot for? Am I missing something, or are they? Being that I have better things to do than to try to screw up my mail server, has anyone tried this claimed explot? What really happens? --Pete