Hi, I ran a Nessus scan last night and got a High Severity alert, which is frustratingly vague. At least most reports point me to other vulnerability sites to find a resolution.
I'm wondering if this is an issue with my version of Postfix, configuration, or a red herring. Any input would be appreciated. I'm running: postfix-2.3.3-2.1.el5_2. I'm wondering if posting postconf will be useful? Here is the message from Nessus:

SMTP Generic Overflow Detection
This script is Copyright (C) 2003-2010 Tenable Network Security, Inc.
Family SMTP problems
Nessus Plugin ID 11772 (smtp_overflows.nasl)
Bugtraq ID
CVE ID

Description:

Synopsis : The remote SMTP server is vulnerable to a buffer overflow.

Description : The remote SMTP server crashes when it is sent a command with a too long argument. A cracker might use this flaw to kill this service or worse, execute arbitrary code on your server.

Solution : This plugin tests for a generic condition. It may be remedied by upgrading, reconfiguring, or changing your SMTP Server (MTA).

Risk factor : Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)