cmd5checkpw Qmail Remote Password Retrieval Vulnerability

Solution:
The author notes that "this vulnerability has been fixed in the latest 0.22 version of cmd5checkpw, available from http://members.elysium.pl/brush/cmd5checkpw/

the qmail-smtpd-auth patch is also fixed now. When the child crashes it returns propper error message now. Grab the latest version (0.26) from: http://members.elysium.pl/brush/qmail-smtpd-auth/
"



 

Privacy Statement
Copyright 2010, SecurityFocus