Posted to server-user@james.apache.org by "Gary L. Harris" <gh...@wvinternet.com> on 2003/03/04 17:41:05 UTC
Sendmail Buffer Overflow
Is James affected by this?
CERT® Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
Gary Harris
wvinternet.com
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Re: Sendmail Buffer Overflow
Posted by Serge Knystautas <se...@lokitech.com>.
Gary L. Harris wrote:
> Is James affected by this?
> CERT® Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
Yes in that more people may consider using James.
--
Serge Knystautas
President
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com
Re: Sendmail Buffer Overflow
Posted by bill parducci <bi...@parducci.net>.
not directly. completely different code base.
b
Gary L. Harris wrote:
> Is James affected by this?
> CERT® Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
>
> Gary Harris
> wvinternet.com
RE: Sendmail Buffer Overflow
Posted by "Noel J. Bergman" <no...@devtech.com>.
> Is James affected by [CERT® Advisory CA-2003-07 Remote Buffer Overflow in Sendmail]
No. There are no known exploits for James.
Furthermore, because James doesn't need root privileges other than to
access the IANA-specified ports for the public services, a deployment can
use port forwarding to allow James to run as a non-root process. A tradeoff
is that a malicious non-root process could spoof the service (this is why
there are restrictions on port use in the first place), but that tradeoff is
manageable in many situations.
--- Noel
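
One way to keep watch on the tradeoff described in the message above is to check which account owns the listener on the unprivileged port that traffic is forwarded to. This is an added example, not part of the original thread or of James; the port 2525, the service uid 1001, and the sample table (in Linux `/proc/net/tcp` layout) are constructed assumptions.

```python
"""Added example: audit the owner of the unprivileged port behind a port forward."""

# Constructed sample in Linux /proc/net/tcp layout. Port 2525 (0x09DD) and
# uid 1001 for the mail server's service account are assumptions.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:09DD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 23456 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23457 1 0000000000000000 100 0 0 10 0
   2: 0100007F:09DD 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1001        0 23458 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def listeners(proc_net_tcp):
    """Yield (port, uid) for every socket in LISTEN state."""
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        if len(fields) < 8 or not fields[0].endswith(":"):
            continue  # header line or malformed row
        if fields[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        port = int(fields[1].rsplit(":", 1)[1], 16)
        yield port, int(fields[7])


def audit_forwarded_port(proc_net_tcp, port, expected_uid):
    """Return findings for the unprivileged port that traffic is forwarded to."""
    owners = [uid for p, uid in listeners(proc_net_tcp) if p == port]
    if not owners:
        return [f"no listener on {port}: any local user could bind it"]
    findings = []
    for uid in owners:
        if uid == 0:
            findings.append(f"listener on {port} runs as root: forwarding gains nothing")
        elif uid != expected_uid:
            findings.append(f"listener on {port} owned by uid {uid}, expected {expected_uid}")
    return findings


if __name__ == "__main__":
    print(audit_forwarded_port(SAMPLE_PROC_NET_TCP, 2525, 1001) or "ok")
```

On a live Linux host the same functions can be fed the contents of `/proc/net/tcp`, and `/proc/net/tcp6` for IPv6 listeners, which uses the same column layout.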
RE: Host connect issue
Posted by "Noel J. Bergman" <no...@devtech.com>.
> James - 2.0a2
v2.1.2 is the current version. No idea what problems might have existed in
v2.0a2. There were 100s of fixes and enhancements between 2.0a3 and 2.1.0
alone. I do know that some of them were related to proper handling of
permanent and temporary errors, because I made some of those changes.
--- Noel
Host connect issue
Posted by Shal Jain <sh...@intertechsys.com>.
OS - Win2K
James - 2.0a2
Every so often sending emails through james to the host listed below fails.
I haven't had a chance to dig through the logs (they are kinda huge) (I
have replaced the username w/ [some user] )
However, sending email through Exchange works just fine.
What should I be looking for?
-- bounce from James --
Hi. This is the James mail server at [my host name]
I'm afraid I wasn't able to deliver your message
to the following addresses.
This is a permanent error; I've given up. Sorry it
didn't work out.
[some user]@aol.com
Could not connect to SMTP host: mailin-03.mx.aol.com.,
port: 25
RE: Sendmail Buffer Overflow
Posted by Danny Angus <da...@apache.org>.
No.
Absolutely not.
Following the instructions here: http://james.apache.org/james_and_sendmail.html will show you how you can use James for outbound traffic and thereby protect yourself from this vulnerability by restricting sendmail to access by local users only, with no open ports.
d.
> -----Original Message-----
> From: Gary L. Harris [mailto:gharris@wvinternet.com]
> Sent: 04 March 2003 16:41
> To: James Users List
> Subject: Sendmail Buffer Overflow
>
>
> Is James affected by this?
> CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
>
> Gary Harris
> wvinternet.com