There is a possible buffer overflow vulnerability in all versions of XMail
previous to 1.22. This does not affect the server itself, but XMail's
sendmail binary. Since many run XMail's sendmail as suid root, the
issue can be critical, even if not easily exploitable w/out knowing the
server setup. I'd suggest everyone update to 1.22 ASAP:

http://www.xmailserver.org



PS: Mitre has assigned CAN-2005-2943 to this issue.


- Davide

