Bugtraq mailing list archives

Re: Sendmail 8.6.9 security hole


From: chris () rivers dra hmg gb (Christopher Samuel)
Date: Thu, 23 Feb 1995 11:43:13 +0000


In message <199502230035.AA26027 () charybda sovam com>, 
        "Igor V. Semenyuk" <iga () sovam com> writes:

> Does anybody know details of the security hole(s) in 8.6.9 fixed
> in 8.6.10?
>
> Is IDA sendmail vulnerable to these attacks?

I've had a quick scan of the patch to take 8.6.9 to 8.6.10 (it's all
I've got time for, I'm afraid) and the changes to the IDENT service
appear to concern stopping people returning information that overflows
the buffer and/or contains newlines.

It introduces two new functions:

1) CLEANSTRCPY -- copy string keeping out bogus characters
2) DENLSTRING -- convert newlines in a string to spaces

The interesting bit comes from the second, to quote:

+ #ifdef LOG
+       p = macvalue('_', CurEnv);
+       syslog(LOG_ALERT, "POSSIBLE ATTACK from %s: newline in string \"%s\"",
+               p == NULL ? "[UNKNOWN]" : p, bp);
+ #endif
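Review bot: the syslog call logs bp verbatim with "%s", and bp is the attacker-supplied string this function exists to clean; unless the newline-to-space pass has already run on bp by the time this alert is emitted, the alert line itself carries the injected newline into the log, and with no length bound the message can be padded out to the syslog maximum. Suggest logging only the de-newlined copy and capping it with a precision, e.g. newline in string \"%.100s\", and keeping the p == NULL ? "[UNKNOWN]" : p fallback as is.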

Chris
--
 Christopher Samuel    Open Software Systems Group    chris () rivers dra hmg gb
 N-115, Defence Research Agency,  St Andrews Road, Great Malvern, England, UK
 "To no man will we sell, or delay, or deny, right or justice" -- Magna Carta
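
The sanitisation the patch is described as adding, as an added example that is not sendmail's code: a bounded copy of the user-id field of an RFC 1413 (IDENT) reply that drops control and non-ASCII bytes, an in-place newline-to-space pass that counts what it replaced so the caller can raise the same "POSSIBLE ATTACK" alert, and a parser that ties them together. The names clean_strcpy, denl_string, parse_ident_reply, format_alert and the MAXIDENT limit are chosen here and are not sendmail's CLEANSTRCPY/DENLSTRING; the two replies in main() are constructed.

```c
/*
 * Added example, not sendmail's code.  clean_strcpy, denl_string,
 * parse_ident_reply, format_alert and MAXIDENT are hypothetical names,
 * not sendmail's CLEANSTRCPY/DENLSTRING.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXIDENT 32   /* hypothetical cap on the stored user-id */

struct ident_result {
    char   user[MAXIDENT];  /* sanitised, NUL-terminated user-id */
    size_t dropped;         /* user-id bytes rejected or truncated */
    int    newlines;        /* CR/LF bytes found inside the reply body */
};

/* Copy src into dst[dstsize], keeping only printable ASCII (plus TAB) and
 * never writing past the buffer.  Returns how many source bytes were not
 * copied, whether because they were bogus or because the buffer filled. */
size_t clean_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t out = 0, dropped = 0;

    if (dstsize == 0)
        return strlen(src);
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        if ((c < 0x20 && c != '\t') || c > 0x7e || out + 1 >= dstsize) {
            dropped++;
            continue;
        }
        dst[out++] = (char)c;
    }
    dst[out] = '\0';
    return dropped;
}

/* Replace every CR or LF in s with a space, in place; returns the count so
 * the caller can raise the same "POSSIBLE ATTACK" alert the patch logs. */
int denl_string(char *s)
{
    int n = 0;

    for (; *s != '\0'; s++)
        if (*s == '\n' || *s == '\r') {
            *s = ' ';
            n++;
        }
    return n;
}

/* Parse "port , port : USERID : opsys : user-id" (one reply, with or
 * without its CRLF terminator).  Returns 0 on a USERID reply, -1 otherwise
 * (ERROR reply, malformed line, or a line too long to be a real reply). */
int parse_ident_reply(const char *raw, struct ident_result *r)
{
    char work[512];
    size_t len = strlen(raw);
    char *p;

    memset(r, 0, sizeof *r);
    if (len >= sizeof work)
        return -1;
    memcpy(work, raw, len + 1);

    /* The legitimate line terminator is not an attack: strip it first. */
    while (len > 0 && (work[len - 1] == '\n' || work[len - 1] == '\r'))
        work[--len] = '\0';
    /* Any line break left after that is an injection attempt. */
    r->newlines = denl_string(work);

    if ((p = strchr(work, ':')) == NULL)          /* end of port pair */
        return -1;
    for (p++; *p == ' ' || *p == '\t'; p++)
        ;
    if (strncmp(p, "USERID", 6) != 0)             /* ERROR reply or junk */
        return -1;
    if ((p = strchr(p, ':')) == NULL)             /* end of "USERID" */
        return -1;
    if ((p = strchr(p + 1, ':')) == NULL)         /* end of opsys */
        return -1;
    for (p++; *p == ' ' || *p == '\t'; p++)
        ;
    r->dropped = clean_strcpy(r->user, sizeof r->user, p);
    return 0;
}

/* Build the alert line the patch emits, with the same [UNKNOWN] fallback. */
int format_alert(char *out, size_t outsize, const char *peer, const char *s)
{
    return snprintf(out, outsize,
                    "POSSIBLE ATTACK from %s: newline in string \"%s\"",
                    peer == NULL ? "[UNKNOWN]" : peer, s);
}

int main(void)
{
    /* Constructed replies: a benign one, and one with an embedded newline
     * and an over-long user-id. */
    const char *benign  = "25 , 1025 : USERID : UNIX : chris\r\n";
    const char *hostile = "25 , 1025 : USERID : UNIX : chris\nfake log line "
                          "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n";
    struct ident_result r;
    char line[256];

    if (parse_ident_reply(benign, &r) == 0)
        printf("user=%s dropped=%zu newlines=%d\n", r.user, r.dropped, r.newlines);
    if (parse_ident_reply(hostile, &r) == 0 && r.newlines > 0) {
        format_alert(line, sizeof line, NULL, r.user);
        printf("%s (dropped %zu bytes)\n", line, r.dropped);
    }
    return 0;
}
```

The two counters are the point: a reply that needed any byte dropped or any newline replaced is evidence of tampering, and the alert is built from the already-cleaned, already-bounded copy rather than from the raw reply.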


