Pessoal passei o nessus por aqui em um servidor de e-mail e recebi o seguinte aviso:
The remote qpopper server, according to its banner, is vulnerable to a one-byte overflow it its function Qvsnprintf(). An attacker may use this flaw to gain a (non-root) shell on this host, provided that he has a valid POP account to log in with. *** This test could not confirm the existence of the *** problem - it relied on the banner being returned. Solution : Upgrade to version 4.0.5 or newer Risk factor : High BID : 7058 Nessus ID : 11376 Bom baixei o codigo fonte do qpopper 4.0.5 e o instalei, qdo dou telnet na porta 110 do servidor recebo a seguinte mensagem: +OK Qpopper (version 4.0.5) at mail.server.com.br starting. Apesar disto o nessus continua reportando a mesma mensagem, alguem pode me ajudar? Valeu. Eicke. _______________________________________________________________ Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr Historico: http://www4.fugspbr.org/lista/html/FUG-BR/
