After upgrading packages on my system the XMail server didn't download pop3link
mail any more - in debug mode it would print messages like this:
ErrCode = -40
ErrString = Invalid server address
ErrInfo = ***.homelinux.net
[PSYNC/MASQ] MasqDomain = "qtea.nl,qtea.nl" - RmtDomain = "***.homelinux.net" -
RmtName = "quinox" Failed !
After some testing I found out that wget had the same problem in the chrooted
directory, and after some googling I found
http://blog.gmane.org/gmane.comp.apache.mod-security.user/day=20040711 . Copying
those 3 files mentioned in that post:
to the /chroot/xmail/lib directory fixed my problem.
ATM the init script copies all libs mentioned in ldd XMail - The resolve libs
are not listed there. IMO these will have to be copied by the init.d script too
before starting XMail
XMail 1.22 has been released a few days ago and isn't in portage yet - it has a
security update to fix a buffer overflow with the local sendmail prog
Steps to Reproduce:
Noone ? It is kind of bad if we leave an exploitable version of a mail server in
portage for this long :/
1.22 is masked in the tree (wait a few minutes for mirrors to pick it up), could
you please test it and see if it works for you so that I can remove the vuln
package and have the sec team issuing a GLSA?
(Moving to Security)
It compiles without any problems and it runs fine :)
x86 or maintainer can go ahead and mark stable
Local exploitation of a buffer overflow vulnerability in XMail, as
distributed with multiple vendors' operating systems, allows local
attackers to execute arbitrary code with elevated privileges.