[38342] in bugtraq
Gld 1.5 released (security fix)
daemon@ATHENA.MIT.EDU (Salim Gasmi)
Wed Apr 13 16:36:26 2005
Date: 13 Apr 2005 17:47:36 -0000
Message-ID: <20050413174736.20947.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Salim Gasmi <salim@gasmi.net>
To: bugtraq@securityfocus.com
In-Reply-To: <20050412004111.562AC7A890E@ws4-4.us4.outblaze.com>
Hi,
gld 1.5 has been released today .
This version fixes the issues and add new features .
You can download it here : http://www.gasmi.net/down/gld-1.5.tgz
Note about the exploit released:
To be effective, the exploit needs to connect via TCP to gld.
Normally, gld listen only to loopback interface (default option)
and thus disable the exploit.
In the rare cases, where gld listen on a real network interface
(in case where gld server is on a different host than smtp servers)
it must be configured to only accept trusted smtp servers to connect to
and of course not everybody, this of course disable the exploit too.
Finally, by default gld run as nobody, and thus, no root access should
be directly possible via gld .
Best regards,
Salim
