-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Already read this link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837
Jan Wagner wrote: | ---------- Forwarded Message ---------- | | Subject: [USN-74-1] Postfix vulnerability | Date: Sunday 06 February 2005 23:55 | From: Wietse Venema <[EMAIL PROTECTED]> | To: Postfix announce <[EMAIL PROTECTED]> | Cc: Postfix users <[EMAIL PROTECTED]> | | In a recent announcement on the Full-Disclosure mailing list, Martin | | Pitt <[EMAIL PROTECTED]> wrote: | |>Jean-Samuel Reynaud noticed a programming error in the IPv6 handling |>code of Postfix when /proc/net/if_inet6 is not available (which is the |>case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup" |>was enabled in the "smtpd_recipient_restrictions", Postfix turned into |>an open relay, i. e. erroneously permitted the delivery of arbitrary |>mail to any MX host which has an IPv6 address. | | | This is a bug in a third-party IPv6 patch that is not part of | Postfix. The bug affects Linux systems only. | | Neither the official Postfix release, nor the work-in-progress | version (which has IPv6 support built-in) are affected by this. | | Please do not ask me how to resolve the vulnerability. Contact info | for the third-party IPv6 patch is at http://www.ipnet6.org/postfix/ipv6.html. | | Please do not ask me what Linux distributions are affected. Contact | your Linux distributor instead. | | It would be nice if Linux distributors could indicate whether a | Postfix problem is part of the software base itself, or due to a | third-party add-on that they included with the base software. | | Wietse | | ------------------------------------------------------- | | Hi list! | | my short question about the topic are: | | Is the recent postfix version of sarge (2.1.5-5) affected and if, when can be | a fixed version expected? | | With kind regards, Jan.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCB02X2n1ROIkXqbARAoElAKCVO3GXkBmzKXA1EhMpIuJe5xPwSACdGIur SfCSk7hih3jhl2ux3IcoodQ= =eTtP -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
