Family: Debian Local Security Checks --> Category: infos
[DSA198] DSA-198-1 nullmailer Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
A problem has been discovered in nullmailer, a simple relay-only mail
transport agent for hosts that relay mail to a fixed set of smart
relays. When a mail is to be delivered locally to a user that doesn't
exist, nullmailer tries to deliver it, discovers a user unknown error
and stops delivering. Unfortunately, it stops delivering entirely,
not only this mail. Hence, it's very easy to craft a denial of service.
This problem has been fixed in version 1.00RC5-16.1woody2 for the
current stable distribution (woody) and in version 1.00RC5-17 for the
unstable distribution (sid). The old stable distribution (potato)
does not contain a nullmailer package.
We recommend that you upgrade your nullmailer package.
Solution : http://www.debian.org/security/2002/dsa-198
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.