Bugtraq mailing list archives
Re: Sendmail up to 8.9.1 - mail.local instroduces new class of
From: blymn () BAEA COM AU (Brett Lymn)
Date: Tue, 11 Aug 1998 11:19:51 +0930
According to Jonathan Stott:
> A better fix would be to use procmail, or /bin/mail, or some other program for local mail delivery.

A lot of people have been recommending putting procmail in to perform filtering of mail as an adjunct to sendmail. I did a quick grep for the notorious strc{at,py} commands in the procmail source and found quite a few. I have not analysed the code but people putting in filters now to prevent the recent problems with mime et al could be (I said _could_be_) leaving themselves open for a more subtle exploit later on via procmail overflows.

--
Brett Lymn, Computer Systems Administrator, British Aerospace Australia
===============================================================================
And the monks would cry unto them, "Keep the bloody noise down!"
        - Mort, Terry Pratchett.
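The quick grep described in the message above can be turned into a first-pass triage. The script below is an added example, not part of the original post or of procmail. It lists `strcpy`/`strcat` call sites and separates those whose source argument is not a string literal, since a hit marks a place to review rather than a confirmed overflow. The function names and the sample file `deliver.c` are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage of unbounded string-copy call sites in C source.
PAT='(^|[^[:alnum:]_])str(cpy|cat)[[:space:]]*\('   # call, not strncpy or a wrapper
LIT='str(cpy|cat)[[:space:]]*\([^,]*,[[:space:]]*"'  # source argument is a literal

# Print file:line:code for every strcpy/strcat call under directory $1.
list_hits() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -nE "$PAT" /dev/null {} +
}

# Hits whose source argument is not a string literal: review these first.
list_variable_source() {
    list_hits "$1" | grep -vE "$LIT"
}

count_lines() { wc -l | tr -d ' '; }

# Constructed sample input (hypothetical code, not taken from procmail).
write_sample() {
    cat > "$1/deliver.c" <<'EOF'
#include <string.h>
void my_strcpy(char *d, const char *s);
void deliver(char *rcpt, char *hdr) {
    char buf[64];
    strcpy(buf, "/var/mail/");          /* literal source */
    strcat(buf, rcpt);                  /* caller-controlled source */
    strncpy(buf, hdr, sizeof buf - 1);  /* bounded; not matched */
    my_strcpy(buf, hdr);                /* wrapper; not matched */
}
EOF
}

demo=$(mktemp -d)
write_sample "$demo"
echo "all call sites:     $(list_hits "$demo" | count_lines)"
echo "non-literal source: $(list_variable_source "$demo" | count_lines)"
list_variable_source "$demo"
rm -rf "$demo"
```

Each remaining line still needs a manual check of the destination buffer size and of where the source string comes from; the pattern also does not see `sprintf`, `gets`, or hand-written copy loops.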