Ah, it seems that the -x option for spamass-milter is what makes this vulnerable.
See: http://www.exploit-db.com/exploits/11662

If you don't run spamass-milter with the -x option, this vulnerability does not work.

On Wed, 17 Mar 2010 13:19:45 +1100, Steven Haigh <[email protected]> wrote:
> On Tue, 16 Mar 2010 14:19:25 -0700 (PDT), Paul Heinlein
> <[email protected]> wrote:
>> On Tue, 16 Mar 2010, Paul Heinlein wrote:
>>
>>> This is a heads-up that there might be an actively exploited
>>> vulnerability in either the spamassassin or spamass-milter package.
>>
>> Belatedly, I found a notice:
>>
>> http://seclists.org/fulldisclosure/2010/Mar/267
>>
>> And some exploit code:
>>
>> http://seclists.org/fulldisclosure/2010/Mar/att-264/adv.txt
>
> I'm kinda curious about this - as I run this combo all over the place and
> from what I can understand, it looks like the stock config isn't
> vulnerable.
>
> Checking a few of my servers, I get:
> 220 mail.server.com ESMTP Sendmail 8.13.8/8.13.8; Wed, 17 Mar 2010
> 10:49:34 +1100
> 250 mail.server.com Hello localhost [127.0.0.1], pleased to meet you
> 553 5.5.4 <root () gmail com>... Domain name required for sender address
> root.gmail.com
> 503 5.0.0 Need MAIL before RCPT
> 503 5.0.0 Need MAIL command
> 500 5.5.1 Command unrecognized: "<spam test string removed>"
>
> Am I reading this right as this setup is not vulnerable?

--
Steven Haigh

Email: [email protected]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299
