Bugtraq mailing list archives
Re: Sendmail 8.6.9 security hole
From: chris () rivers dra hmg gb (Christopher Samuel)
Date: Thu, 23 Feb 1995 11:43:13 +0000
In message <199502230035.AA26027 () charybda sovam com>, "Igor V. Semenyuk" <iga () sovam com> writes:
Does anybody know details of the security hole(s) in 8.6.9 fixed in 8.6.10? Is IDA sendmail vulnerable to these attacks?
I've had a quick scan of the patch to take 8.6.9 to 8.6.10 (it's all I've got time for I'm afraid) and the changes to the IDENT service appear to concern stopping people returning information that overflows the buffer and/or contains new-lines.

It introduces two new functions:

1) CLEANSTRCPY -- copy string keeping out bogus characters
2) DENLSTRING -- convert newlines in a string to spaces

The interesting bit comes from the second, to quote:

+ #ifdef LOG + p = macvalue('_', CurEnv); + syslog(LOG_ALERT, "POSSIBLE ATTACK from %s: newline in string \"%s\"", + p == NULL ? "[UNKNOWN]" : p, bp); + #endif

Chris
--
Christopher Samuel
Open Software Systems Group
chris () rivers dra hmg gb
N-115, Defence Research Agency, St Andrews Road, Great Malvern, England, UK
"To no man will we sell, or delay, or deny, right or justice" -- Magna Carta
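Review bot: in the `#ifdef LOG` block, `bp` is remote-supplied text and is written to syslog verbatim through `%s`, and the quoted lines do not show whether the newline has already been replaced at this point. If the call runs before the conversion, the newline lands in the log and can split the alert into what looks like separate entries, so log after the replacement (or log the cleaned copy) and bound the logged length. Also consider whether LOG_ALERT is the right priority for a condition that any remote peer can trigger repeatedly.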
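The two sanitising steps described in the message above, as an added C example that is not part of the original post and is not sendmail's code. The function names `clean_copy` and `newlines_to_spaces`, the printable-ASCII filter, the handling of CR as well as LF, and the sample reply are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: copy src into dst (capacity dstlen, NUL included),
 * keeping only printable ASCII and truncating instead of overflowing.
 * Returns the number of source bytes that were filtered out or cut off. */
size_t clean_copy(char *dst, size_t dstlen, const char *src)
{
    size_t out = 0, dropped = 0;

    if (dstlen == 0)
        return 0;               /* nowhere to write, not even the NUL */
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        if (c < 0x20 || c > 0x7e || out + 1 >= dstlen)
            dropped++;          /* control/8-bit byte, or no room left */
        else
            dst[out++] = (char)c;
    }
    dst[out] = '\0';
    return dropped;
}

/* Hypothetical helper: replace LF and CR with spaces, in place.
 * Returns how many were replaced so the caller can decide whether to log. */
size_t newlines_to_spaces(char *s)
{
    size_t n = 0;

    for (; *s != '\0'; s++) {
        if (*s == '\n' || *s == '\r') {
            *s = ' ';
            n++;
        }
    }
    return n;
}

int main(void)
{
    /* Constructed IDENT-style reply with an embedded newline. */
    char reply[] = "113, 25 : USERID : UNIX : bob\nsecond line";
    char user[16];              /* deliberately small fixed buffer */
    size_t nl = newlines_to_spaces(reply);
    size_t lost = clean_copy(user, sizeof user, reply);
    printf("newlines=%zu lost=%zu user=\"%s\"\n", nl, lost, user);
    return 0;
}
```

Because the newline is replaced before anything is copied or printed, whatever a caller logs afterwards stays on a single line.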