james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: Sendmail Buffer Overflow
Date Tue, 04 Mar 2003 17:53:33 GMT
> Is James affected by [CERT® Advisory CA-2003-07 Remote Buffer Overflow in

No.  There are no known exploits for James.

Furthermore, because James doesn't need root priviledges other than to
access the IANA-specified ports for the public services, a deployment can
use port forwarding to allow James to run as a non-root process.  A tradeoff
is that a malicious non-root process could spoof the service (this is why
there are restrictions on port use in the first place), but that tradeoff is
managable in many situations.

	--- Noel

To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org

View raw message