Re: [Exim] HELO overflow?

Pàgina inicial
Aquest missatge és part del següent fil:
M++\l'arbre de fils complet ordenat per data
MMMMPhilip Hazel en <-
M 
Delete this message
Reply to this message
Autor: Michael Scott Shappe
Data:  
A: exim-users
Assumpte: Re: [Exim] HELO overflow?
> It is true that it then goes on to read more input, but I don't see how
> that can produce a vulnerability. In any case, after too many
> unrecognized commands it will close the connection.

*Nod* OK. I suspect that Nessus is interpreting this disconnection as a
crash, then. Nessus probably figures it should continue to get responses as
long as it continues to send input, even if that input is nonsense.

Of course, it's not clear to me how Nessus could distinguish between the two
conditions, unless Exim sends some standard code to say goodbye before
disconnecting.

Thank you for calming my nerves :-) I just switched to exim in large part
because I'd heard such good reports of its security and reliability...

/m


Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-[Exim] 3.36, sender reject, no error messages?[Exim] Autoreply problem->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)