Hi,
the latest sendmail bug can be exploited by sending a message to a
vulnerable system. Using exim as an application level gateway doesn't
help here, since exim will happily relay the message containing the
exploit to a vulnerable internal system.
Has anybody out here done an analysis of the sendmail bug? Is it
possible to configure exim to not relay an exploiting message, but
instead rejecting it? I would be very interested in solutions for both
exim 3 and exim 4.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
