Becki,

The CVE you refer to is *not* about dbmail. It's about Xmail, a different
product altogether.

That said: don't use 1.2.11 on a new system. Use 2.0.6 instead. 1.2.x is old,
and not maintained any more.


> 
> vulnerability pop3(110/tcp)
> 
> The remote POP3 server seems
> to be subject to a buffer overflow when it receives
> two arguments which are too long for the APOP command.
> 
> This problem may allow an attacker to disable this
> POP server or to execute arbitrary code on this
> host.
> 
> Solution : Contact your vendor for a patch
> Risk factor : High
> CVE : CAN-2000-0841 <http://cgi.nessus.org/cve.php3?cve=CAN-2000-0841>
> BID : 1652 <http://cgi.nessus.org/bid.php3?bid=1652>
> Nessus ID : 10559 <http://cgi.nessus.org/nessus_id.php3?id=10559>
> 
> vulnerability pop3(110/tcp)
> 
> The remote pop3 server is vulnerable to the following
> buffer overflow :
> 
> USER test
> PASS <buffer>
> 
> This *may* allow an attacker to execute arbitrary commands
> as root on the remote POP3 server.
> 
> Solution : contact your vendor, inform it of this
> vulnerability, and ask for a patch
> 
> Risk factor : High
> CVE : CAN-1999-1511 <http://cgi.nessus.org/cve.php3?cve=CAN-1999-1511>
> BID : 791 <http://cgi.nessus.org/bid.php3?bid=791>
> Nessus ID : 10325 <http://cgi.nessus.org/nessus_id.php3?id=10325>
> 
> #####################################
> 
> well ... i was really worried !!! is there REALLY a buffer overflow in
> the dbmail release 1.2.11??
> if so ... is there a patch available??
> 
> any more info on this subject would be great ;-)
> 
> and also a BIG THANK YOU to the dbmail development community!
> i really like dbmail - it rocks ;-)
> 
> all the best
> becki
> 
> _______________________________________________
> Dbmail mailing list
> Dbmail@dbmail.org
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
> 


-- 
  ________________________________________________________________
  Paul Stevens                                  mailto:[EMAIL PROTECTED]
  NET FACILITIES GROUP                     PGP: finger [EMAIL PROTECTED]
  The Netherlands________________________________http://www.nfg.nl
