Bugtraq mailing list archives

Re: sendmail 8.12.8 available


From: Bennett Todd <bet () rahul net>
Date: Fri, 7 Mar 2003 14:49:27 -0500

On Mon, 3 Mar 2003, Florian Weimer wrote:
> Would people be willing to share filter rules for other MTAs to
> block offending messages on relays?

Wietse Venema offered the following responses for Postfix. First out
of the gate was [1], this regexp-based quick-response; capable of
false-positives, but not as scary as might be feared since it only
looks in the headers (place this in a regexp map, assign that to
header_checks):

        /<><><><><><>/ reject possible CA-2003-07 sendmail buffer overflow exploit

Then he came out with [2], a new release of postfix with
functionality like that of patched sendmail, sanitizing messages
as they pass through and logging when it does so. This enhancement
he then broke out as a light patch [3] to apply against most
versions of postfix that might be in use, for people who'd like the
protection without having to upgrade to a newer version.

To be clear here: Postfix is not itself susceptible to this problem.
The only purpose for this patch is to allow Postfix to mung messages
to protect vulnerable sendmails downstream from it.

-Bennett

[1] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0254.html>
[2] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0402.html>
[3] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0487.html>
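
An added example, not part of the original post and not Postfix code: a simplified Python model of the header-only matching the post describes for the header_checks rule, run over constructed sample messages. The function names and the handling of folded headers (continuation lines kept attached to their header) are assumptions of this sketch.

```python
import re

# Rule from the post: the pattern plus the action text returned on a match.
RULE = (re.compile(r"<><><><><><>"),
        "reject possible CA-2003-07 sendmail buffer overflow exploit")

def logical_headers(raw):
    """Return the header section as logical headers (folded lines rejoined)."""
    # Headers end at the first blank line; everything after it is body.
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line      # continuation of previous header
        elif line:
            headers.append(line)
    return headers

def check_message(raw):
    """Return (action, header_name) for the first matching header, else None."""
    pattern, action = RULE
    for header in logical_headers(raw):
        if pattern.search(header):
            return action, header.split(":", 1)[0]
    return None

# Constructed sample messages (not taken from real traffic).
HEADER_HIT = ("From: a@example.org\n"
              "To: <><><><><><><><> b@example.org\n"
              "Subject: test\n\nbody\n")
FOLDED_HIT = ("From: a@example.org\n"
              "Cc: c@example.org,\n"
              "\t<><><><><><> d@example.org\n"
              "Subject: test\n\nbody\n")
BODY_ONLY = ("From: a@example.org\n"
             "Subject: ascii art\n\n"
             "look: <><><><><><><>\n")

if __name__ == "__main__":
    for name, msg in [("header", HEADER_HIT), ("folded", FOLDED_HIT),
                      ("body-only", BODY_ONLY)]:
        print(name, "->", check_message(msg) or "pass")
```

The body-only message passes because the rule is applied to headers alone, which is what keeps the false-positive rate of such a broad pattern tolerable.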
