Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: Curtis on July 15, 2020, 10:56:11 PM

Title: Qmail and CVE-2005-1513
Post by: Curtis on July 15, 2020, 10:56:11 PM

I happened upon this Qualys advisory from 2005 which appears to remain unpatched:
https://seclists.org/oss-sec/2020/q2/131 (https://seclists.org/oss-sec/2020/q2/131)

Elsewhere online, a suggested solution is to "make sure you have set a limit lower than 4 GB in /var/qmail/databytes..."

Could the above solution be implemented with a custom template? 

Title: Re: Qmail and CVE-2005-1513
Post by: Jean-Philippe Pialasse on July 15, 2020, 11:12:23 PM

i have checked it few weeks ago and:
- we do not use qmail-smtpd
- we have the databyte already in place, in case one would have the idea to use qmail-smtpd

Title: Re: Qmail and CVE-2005-1513
Post by: Curtis on July 16, 2020, 03:09:57 PM

Quote from: Jean-Philippe Pialasse on July 15, 2020, 11:12:23 PM

i have checked it few weeks ago and:
- we do not use qmail-smtpd
- we have the databyte already in place, in case one would have the idea to use qmail-smtpd

Excellent!  Thanks very much, Jean-Philippe!