Gld 1.5 released (security fix)
In-Reply-To: <20050412004111.562AC7A890E@xxxxxxxxxxxxxxxxxxxxxx>
Hi,
gld 1.5 has been released today .
This version fixes the issues and add new features .
You can download it here : http://www.gasmi.net/down/gld-1.5.tgz
Note about the exploit released:
To be effective, the exploit needs to connect via TCP to gld.
Normally, gld listen only to loopback interface (default option)
and thus disable the exploit.
In the rare cases, where gld listen on a real network interface
(in case where gld server is on a different host than smtp servers)
it must be configured to only accept trusted smtp servers to connect to
and of course not everybody, this of course disable the exploit too.
Finally, by default gld run as nobody, and thus, no root access should
be directly possible via gld .
Best regards,
Salim