Author: jmm-guest Date: 2005-03-30 20:25:51 +0000 (Wed, 30 Mar 2005) New Revision: 690 Modified: sarge-checks/CAN/list Log: An exploit for the remote smail issue has been published. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-30 16:55:45 UTC (rev 689) +++ sarge-checks/CAN/list 2005-03-30 20:25:51 UTC (rev 690) @@ -89,14 +89,6 @@ NOTE: no patch known at this time. See also: CAN-2005-0892 CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...) - smail 3.2.0.115-7 - NOTE: The (upstream) smail maintainer claims both vulnerabilities to be not - NOTE: exploitable. The bugreporter has presented valid claims, though, - NOTE: but the smail maintainer blocks the reporter''s mail domain on - NOTE: SMTP level, so there''s some kind of communication problem :-) - NOTE: The patch applied by the maintainer addresses the heap overflow, - NOTE: but doesn''t touch the sighandler issues. This deserves a second - NOTE: deeper analysis. - NOTE: see CAN-2005-0893 for the other hole.. CAN-2005-0891 NOTE: reserved CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
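Review bot: After this hunk the CAN-2005-0892 entry has no package line and no NOTE at all, so the reason the log gives for the change, that an exploit for the remote smail issue has been published, is not recorded anywhere in the list itself. If removing "smail 3.2.0.115-7" is meant to reopen the entry, state that in a NOTE under it, as the preceding entry does with "NOTE: no patch known at this time. See also: CAN-2005-0892", and add a reference to where the exploit was published. Two points from the deleted NOTEs are worth keeping in shorter form: that the maintainer's patch addresses the heap overflow but does not touch the sighandler issues, and the cross-reference "see CAN-2005-0893 for the other hole".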