On Thu, 13 Oct 2005, Liron Newman wrote: > Davide Libenzi wrote: > >> On Wed, 12 Oct 2005, Davide Libenzi wrote: >> >> >> >>> There is a possible buffer overflow vulnerability in all versions of XMail >>> previous to 1.22. This does not affect the server itself, but the XMail's >>> sendmail binary. Since many runs the XMail's sendmail as suid root, the >>> issue can be critical, even if not easily exploitable w/out knowing the >>> server setup. I'd suggest everyone to update to 1.22 ASAP: >>> >>> >> >> Side note if it wasn't clear. Even the Windows XMail's sendmail is >> affected ... >> >> >> >> > Will replacing sendmail.exe be enough? > What are the changes to the server itself, if any?
Yes, that should be enough. - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
