CRM114 version specifics?
Steve Campbell
campbell at cnpapers.com
Tue Jul 31 16:18:06 IST 2007
You are correct here Matt, but just shutting down things for a few
minutes make the phones ring with angry execs at the end of the line.
You probably know the rest of the story. Until I can upgrade, I add what
I can to the lot.
Thanks though,
Steve
Matt Kettler wrote:
> Steve Campbell wrote:
>
>> Thanks all for the info.
>>
>> Now, what about version specifics. Will CRM114 run with older versions
>> of SA? Is it pretty generic or real specific? It's been around for a
>> long time, as I read it, but wasn't used specifically with SA, so I
>> wonder if it will run with my 3.0.1 SA.
>>
>
> You should be worried about upgrading before adding CRM114.
>
> Unless your 3.0.1 is vendor-patched, you've got numerous security
> vulnerabilities, mostly DoS attacks that exploit cases where the message parsing
> can be made to burn lots of CPU by feeding it malformed messages.
>
> http://wiki.apache.org/spamassassin/Security
>
>
> Known to affect 3.0.1:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447
> (note: 2006-2447 requires spamd, so irrelevant to MailScanner)
>
> Might affect you (never verified against such an old version):
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
>
>
More information about the MailScanner
mailing list