hello dbmail users ;-)
I have just recently installed a new production server with SuSE Linux
9.3, mysql 4.1.10, postfix and dbmail 1.2.11
the mailsystem works great and so far I haven't discovered any errors
whatsoever ...
then I just did a nessus scan on the server and the nessus report showed
me the following:
#####################################
vulnerability pop3(110/tcp)
The remote POP3 server seems
to be subject to a buffer overflow when it receives
two arguments which are too long for the APOP command.
This problem may allow an attacker to disable this
POP server or to execute arbitrary code on this
host.
Solution : Contact your vendor for a patch
Risk factor : High
CVE : CAN-2000-0841 <http://cgi.nessus.org/cve.php3?cve=CAN-2000-0841>
BID : 1652 <http://cgi.nessus.org/bid.php3?bid=1652>
Nessus ID : 10559 <http://cgi.nessus.org/nessus_id.php3?id=10559>
vulnerability pop3(110/tcp)
The remote pop3 server is vulnerable to the following
buffer overflow :
USER test
PASS <buffer>
This *may* allow an attacker to execute arbitrary commands
as root on the remote POP3 server.
Solution : contact your vendor, inform it of this
vulnerability, and ask for a patch
Risk factor : High
CVE : CAN-1999-1511 <http://cgi.nessus.org/cve.php3?cve=CAN-1999-1511>
BID : 791 <http://cgi.nessus.org/bid.php3?bid=791>
Nessus ID : 10325 <http://cgi.nessus.org/nessus_id.php3?id=10325>
#####################################
well ... I was really worried !!! is there REALLY a buffer overflow in
the dbmail release 1.2.11??
if so ... is there a patch available??
any more info on this subject would be great ;-)
and also a BIG THANK YOU to the dbmail development community!
I really like dbmail - it rocks ;-)
all the best
becki