Topic: qmail insecure???

[cryblood]

I recently ran across a report that there is a possible exploit for qmail that allows someone to gain root privliges remotely,  information can be found at www.ktwo.ca/security.html.  I was wondering if e-smith was affected by this.  I tried to look at the advisory and figure it out but was unfamiliar with some of the things it contained.  

will be looking forward to a reply.

thanx.

[Charlie Brady]

cryblood wrote:

> I recently ran across a report that there is a possible exploit
> for qmail that allows someone to gain root privliges remotely,
> information can be found at www.ktwo.ca/security.html.  I was
> wondering if e-smith was affected by this.  I tried to look at
> the advisory and figure it out but was unfamiliar with some of
> the things it contained.

The exploit is not for qmail, but for qmail-pop3  (a POP-3 server) used with vchkpw, a third party modular authentication checker. The e-smith server and gateway does not use this combination, and is not vulnerable.

Charlie

[Charlie Brady]

Charlie Brady wrote:

> The exploit is not for qmail, but for qmail-pop3  (a POP-3
> server) used with vchkpw, a third party modular authentication
> checker.

Actually, to be completely accurate, the expolit is of vchkpw, which is accessible via qmail-pop3, if they are used together.

It's still not a problem for us

Charlie

[cryblood]

YYYAAAYYY!!!
 
Once again my beloved e-smith server proves to be secure and wonderful!

just wait till I tell microsoft boy! (boss)