Security Basics mailing list archives
Re: Qmail passing sendmail vulnerability downstream
From: Bennett Todd <bet () rahul net>
Date: Tue, 11 Mar 2003 14:39:57 -0500
2003-03-10T14:12:04 Tim Thornton:
> I understand that Qmail is not vulnerable to the recent Sendmail issue, but I want to know if Qmail will still forward the sendmail vulnerability "modified oversized header" downstream to other MTAs, thus leaving downstream sendmail servers open to the vulnerability.
I don't know if it _does_, but it would not be incorrect for it to do so. The message headers in question are odd, and unexpected, but this isn't an issue of a technically illegal header that sendmail doesn't defend against, it's a theoretically valid if extremely weird header that provokes unexpected behavior from a real bug in sendmail.

Given qmail's componentized modular architecture, it should be fairly reasonable to plug a filtering component in the mail flow path. I haven't used qmail in a few years, don't know for sure what API would be most convenient for such filtering, but if an SMTP->SMTP passthrough proxy would be convenient I've got a framework[1] for assembling such proxies that would make this pretty easy.

A proxy that quarantined any message that contained a long string of <><> anywhere in the headers (i.e. before the first \r\n\r\n of the DATA body) would have very few false positives and would be quite straightforward.

-Bennett
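The header check described in the reply above, as an added example that is not part of the original post or of the author's proxy framework: it splits the DATA payload at the first \r\n\r\n and measures the longest run of "<>" pairs in the header block only. The threshold of 20 pairs and all function names are assumptions made for illustration; the post does not say how long "long" is.

```python
import re

# Assumption: the post does not quantify "long"; 20 consecutive "<>" pairs
# is a constructed threshold, to be tuned against real traffic.
MIN_PAIRS = 20

def header_block(message: bytes) -> bytes:
    """Return everything before the first CRLF CRLF of the DATA payload.
    A message with no blank line at all is treated as all header."""
    head, _sep, _body = message.partition(b"\r\n\r\n")
    return head

def longest_pair_run(headers: bytes) -> int:
    """Length, in pairs, of the longest run of "<>" in the headers.
    Whitespace between pairs is skipped, so a folded header line
    (CRLF followed by space or tab) cannot split a run in two."""
    best = 0
    for m in re.finditer(rb"(?:<>[ \t\r\n]*)+", headers):
        best = max(best, m.group().count(b"<>"))
    return best

def should_quarantine(message: bytes, min_pairs: int = MIN_PAIRS) -> bool:
    """True if the header block holds a run of at least min_pairs pairs."""
    return longest_pair_run(header_block(message)) >= min_pairs

# Constructed sample messages (not real traffic).
# CLEAN carries a single "<>" (the null return path of a bounce).
CLEAN = (b"Return-Path: <>\r\nFrom: <a@example.com>\r\n"
         b"To: <b@example.com>\r\nSubject: bounce\r\n\r\nbody\r\n")
RUN_IN_HEADER = b"From: " + b"<>" * 40 + b"\r\nSubject: x\r\n\r\nbody\r\n"
FOLDED = (b"From: " + b"<>" * 15 + b"\r\n\t" + b"<>" * 15 +
          b"\r\nSubject: x\r\n\r\nbody\r\n")
RUN_IN_BODY = b"From: <a@example.com>\r\n\r\n" + b"<>" * 40 + b"\r\n"

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("run in header", RUN_IN_HEADER),
               ("folded header", FOLDED), ("run in body", RUN_IN_BODY)]
    for name, msg in samples:
        verdict = "quarantine" if should_quarantine(msg) else "pass"
        print(f"{name}: longest run {longest_pair_run(header_block(msg))}"
              f" -> {verdict}")
```

A run that appears only after the blank line is left alone, matching the post's restriction to headers.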
Current thread:
- Qmail passing sendmail vulnerability downstream Tim Thornton (Mar 11)
- Re: Qmail passing sendmail vulnerability downstream Bennett Todd (Mar 12)
- R: Qmail passing sendmail vulnerability downstream NewCOM Service Care (Mar 13)
- Re: Qmail passing sendmail vulnerability downstream Joerg Over (Mar 12)
- Re: Qmail passing sendmail vulnerability downstream Bennett Todd (Mar 12)