Mailscanner on Solaris 9 *not* protected from "zip of death"
mailscanner at ecs.soton.ac.uk
Thu Nov 28 16:43:29 GMT 2002
At 16:08 28/11/2002, you wrote:
>On Thu, 2002-11-28 at 04:33, D.M.Chapman wrote:
> > Ok, I have been doing some digging following my recent email about
> > mailscanner failing to detect a Denial of Service attack and I may have
> > turned up a fairly serious issue with solaris 9. Bewarned, this is long :-)
> > Executive Summary:
> > If you are running mailscanner on Solaris 9 and you are using the Sun
> > supplied version of perl then you are probably *not* protected against
> > a "zip of death" denial of service attack. We certainly were not :-(
>You are filing a bug report with Sun on this, right?
Darren --- Can I leave you to do that please?
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner