On Tue, 16 Mar 2010, Keith Lofstrom wrote:
The following may indicate a security hole. Paul is a competent
fellow, so I'm taking this seriously. Perhaps somebody more
competent than both of us has a more informed opinion.
Perhaps this is related:
http://isc.sans.org/diary.html?storyid=8434
Spamassassin Milter Plugin Remote Root Attack
...
Handler Bojan notes that it appears that the bad guys have started to
actively exploit SpamAssassin's milter vulnerability that has been
published last weekend (more details at
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html).
...
That page also mentions a preliminary patch to the milter code to fix the
bug...
/--------------------------------------------------------------------\
| "Computers are different from telephones. Computers do not ring." |
| -- A. Tanenbaum, "Computer Networks", p. 32 |
---------------------------------------------------------------------|
| Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge |
| Mail: [email protected] Web: http://www.damtp.cam.ac.uk/ |
\--------------------------------------------------------------------/
