Hi all,
I have qmail 1.03, with tcpserver, vpopmail and qmailscanner and when I test my
network for vulnerabilities using
AXENT Netrecom 3.0 the following security results is displayed about my qmail server
host:
SMTP allows remote command execution via recipient filter.
Risk: 86
Description: Attackers can execute arbitrary shell commands by addressing e-mail to a
filter.
Note: If your SMTP software does not support filters, this is not a vulnerability.
if you are not sure if your SMTP
software supports filters, contact your vendor. This vulnerability aplies
primarily to UNIX systems.
Solution: Upgrade or replace your SMTP server, or verify that it does not support
filter.
Questions: Anybody know anything about this? Where can I get additional information
about this? This Results checks is True or false?
(Sorry by my poor english)
Best regards,
Agnaldo Mariano Monteiro
