CVE-1999-0203 |
Post Reply 
|
| Author | |
LOBrien 
Guest Group 
|
 Post Options
 Thanks(0)
 Quote Reply
 Topic: CVE-1999-0203Posted: 27 May 2004 at 2:03pm |
|
When scanning my "LogSat Spam" server for security vulnerabilities, I receive a vulnerability CVE-1999-0203 (ref link):http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0203How can I fix this and/or document that it is a false positive?
|
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 May 2004 at 11:39pm |
|
LoBrien, As the Mitre link you sent explains, the vulnerability only affects certain versions of SendMail. SpamFilter ISP is not based on Sendmail and is thus immune to that attack. Your vulnerability scanner misinterpreted the response SpamFilter provided when it sent SpamFilter a malformatted rcpt to command followed by a specific sequence of bytes. You may want to inform the vendor of the false positives you received so they can fine tune their detection signature for this vulnerability. You'll find more detailed explanation that Mitre provides, along with some sample signatures and vulnerable Sendmail versions here (Snort.org) and here (Whitehats) Roberto F.
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.160 seconds.