Bugtraq mailing list archives
Re: Exim 4.66 in conjunction with spamd Overflow issues
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 15 May 2007 18:36:30 +0400
Dear calcite () setec org,

spamd is a trusted service. Exim sends the whole received message to spamd. To configure an untrusted spamd means to give access to all your mail and is a vulnerability by itself.

--Sunday, May 13, 2007, 9:18:59 AM, you wrote to bugtraq () securityfocus com:

cso> EXPLOITATION:
cso>
cso> Exploiting this bug would require social engineering and a fake spamd server. Obviously you will need to get an administrator to add your fake server to exim config.
cso>
cso> Solution :
cso>
cso> Run spamd locally or only add trusted spamd servers to your config ( have legitimate credentials).
cso> References----

--
~/ZARAZA
http://securityvulns.com/
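An added example, not part of the original post or of Exim: a Python check that reads the `spamd_address` setting from an Exim configuration and lists every entry that is neither a Unix socket nor a loopback address, since each such server receives full message content. The sample configuration is constructed, and the parser assumes a single-line, colon-separated list of IPv4 hosts or socket paths (no macros, continuations or IPv6).

```python
import ipaddress
import re

# Constructed sample of an Exim main configuration section (not from the post).
SAMPLE_CONFIG = """\
# spamd_address = 198.51.100.7 783
primary_hostname = mail.example.org
spamd_address = 127.0.0.1 783 : 192.0.2.25 783 : /var/run/spamd.sock
"""

def parse_spamd_address(config_text):
    """Return the server entries of the last spamd_address setting, or None if unset."""
    value = None
    for line in config_text.splitlines():
        m = re.match(r"\s*spamd_address\s*=\s*(.*)$", line)  # commented lines do not match
        if m:
            value = m.group(1).strip()
    if value is None:
        return None
    # Assumption: default ':' list separator, so IPv6 literals are not handled.
    return [item.strip() for item in value.split(":") if item.strip()]

def classify(entry):
    """Classify one entry as 'unix-socket', 'loopback' or 'remote'."""
    if entry.startswith("/"):
        return "unix-socket"
    host = entry.split()[0]
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "remote"
    except ValueError:
        # Hostname instead of an IP literal: no DNS lookup is done here, so
        # anything other than the literal name "localhost" counts as remote.
        return "loopback" if host == "localhost" else "remote"

def audit(config_text):
    """Return the entries that send message content off-host and need a trust review."""
    servers = parse_spamd_address(config_text) or []
    return [s for s in servers if classify(s) == "remote"]

if __name__ == "__main__":
    for entry in audit(SAMPLE_CONFIG):
        print("review: full message content is sent to", entry)
```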