Mailscanner on Solaris 9 *not* protected from "zip of death"

Julian Field mailscanner at ecs.soton.ac.uk
Thu Nov 28 16:43:29 GMT 2002


At 16:08 28/11/2002, you wrote:
>On Thu, 2002-11-28 at 04:33, D.M.Chapman wrote:
> > Ok, I have been doing some digging following my recent email about
> > mailscanner failing to detect a Denial of Service attack and I may have
> > turned up a fairly serious issue with solaris 9. Bewarned, this is long :-)
> >
> > Executive Summary:
> >
> >   If you are running mailscanner on Solaris 9 and you are using the Sun
> >   supplied version of perl then you are probably *not* protected against
> >   a "zip of death" denial of service attack. We certainly were not :-(
> >
>You are filing a bug report with Sun on this, right?

Darren --- Can I leave you to do that please?
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ



More information about the MailScanner mailing list