Gld 1.5 released (security fix)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Gld 1.5 released (security fix)
From: Salim Gasmi <salim@xxxxxxxxx>
Date: 13 Apr 2005 17:47:36 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <20050412004111.562AC7A890E@xxxxxxxxxxxxxxxxxxxxxx>

Hi,

gld 1.5 has been released today .

This version fixes the issues and add new features .

You can download it here : http://www.gasmi.net/down/gld-1.5.tgz

Note about the exploit released:
To be effective, the exploit needs to connect via TCP to gld.
Normally, gld listen only to loopback interface (default option)
and thus disable the exploit.

In the rare cases, where gld listen on a real network interface
(in case where gld server is on a different host than smtp servers)
it must be configured to only accept trusted smtp servers to connect to
and of course not everybody, this of course disable the exploit too.

Finally, by default gld run as nobody, and thus, no root access should
be directly possible via gld .

Best regards,

Salim

Prev by Date: Patch available for critical Veritas i3 Server vulnerability
Next by Date: Multiple medium risk flaws fixed in new version of PHP (late advisory)
Previous by thread: Patch available for critical Veritas i3 Server vulnerability
Next by thread: Multiple medium risk flaws fixed in new version of PHP (late advisory)
Index(es):
- Date
- Thread