leak in spamassassin
Torsten Irländer
torsten.irlaender at intevation.de
Wed Jun 7 13:51:17 CEST 2006
On Wednesday, 7. June 2006 10:46, Ger Apeldoorn wrote:
> Hi all,
>
> I've seen that spamassassin has brought out a patch for a security leak.
> See: http://lwn.net/Articles/186444/
>
> To make the leak exploitable, spamd must be run with the "-v" /
> "--vpopmail" switch, and with the "-P" / "--paranoid" switch.
Hi,
Further spamd must be reachable from the internet which is not the default.
> Does anyone know if this the default in KOLAB and how can I check to make
> sure that my installation does not use these?
I have checked the rc scripts under /kolab/etc/rc.d and looked how
spamassassin is started, and I can not find any -v nor -P switch. So I assume
that you're not effected.
regards
Torsten
--
Torsten Irländer Intevation GmbH
torsten.irlaender at intevation.de
http://www.intevation.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20060607/7542718c/attachment.sig>
More information about the users
mailing list