While scanners are a great tool, blindly taking their results as unquestionable truth can lead to disasters. The Debian SSL key generation disaster is proof of that.
On 16/11/16 13:38, McSec wrote:
A Veracode scan reported the following vulnerabilities in postfix 3.0.1:

vulnerability     module   source
Buffer Over Flow  dnsblog  home/.../src/dns/dns_rr.c
Buffer Over Flow  smtpd    home/.../src/tls/tls_scache.c
Numeric Errors    dnsblog  home/.../src/dns/dns_rr.c 262
Numeric Errors    dnsblog  home/.../src/dns/dns_rr.c 302
Numeric Errors    dnsblog  home/.../src/dns/dns_strtype.c 207
Numeric Errors    smtpd    home/.../src/tls/tls_dane.c 1291

I do not see these being reported in the mailing list previously. Are these real vulnerabilities or false positives?
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAMTRAP, do not email it
gertru...@solutti.com.br