> On Wed, Mar 03, 2004 at 05:09:29PM +0100, Claudio Jeker wrote: > > Georgi Guninski has posted a way to bufferoverflow qmail-qmtpd.c. > > Currently it is not proven that this can be used for a succesful attack > > but better be save. So here is a patch. > > > > getlen() is also used in qmail-qmqpd.c (which is used for cluster > forwards). I don't know if it is possible to do anything bad with it but > again better be save. Remeber qmail-qmqpd is normaly restricted to the > cluster servers with a tcprules file so the attack has to come form one of > your other mail servers. > > Also the buffer overflow of Georgi Guninski needs a non empty RELAYCLIENT > which is definitivly non standard. > > -- > :wq Claudio
This fix is not included in qmail-ldap-1.03-20040301.patch, isn't it? # And do you have plan to annouce qmail-ldap-1.03-20040301.patch # officially or not? ----- UEDA Hiroyuki <[EMAIL PROTECTED]> Net Forest Inc., JAPAN
