Bugtraq mailing list archives
Re: sendmail 8.12.8 available
From: Bennett Todd <bet () rahul net>
Date: Fri, 7 Mar 2003 14:49:27 -0500
On Mon, 3 Mar 2003, Florian Weimer wrote:
Would people be willing to share filter rules for other MTAs to block offending messages on relays?
Wietse Venema offered the following responses for Postfix. First out of the gate was [1], this regexp-based quick-response; capable of false-positives, but not as scary as might be feared since it only looks in the headers (place this in a regexp map, assign that to header_checks): /<><><><><><>/ reject possible CA-2003-07 sendmail buffer overflow exploit Then he came out with [2], a new release of postfix with functionality like that of patched sendmail, sanitizing messages as they pass through and logging when it does so. This enhancement he then broke out as a light patch [3] to apply against most versions of postfix that might be in use, for people who'd like the protection without having to upgrade to a newer version. To be clear here: Postfix is not itself susceptible to this problem. The only purpose for this patch is to allow Postfix to mung messages to protect vulnerable sendmails downstream from it. -Bennett [1] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0254.html> [2] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0402.html> [3] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0487.html>
Attachment:
_bin
Description:
Current thread:
- sendmail 8.12.8 available Claus Assmann (Mar 03)
- Re: sendmail 8.12.8 available Florian Weimer (Mar 03)
- Re: sendmail 8.12.8 available Nico Erfurth (Mar 04)
- Message not available
- Re: sendmail 8.12.8 available Bennett Todd (Mar 07)
- Re: sendmail 8.12.8 available Florian Weimer (Mar 03)
- Re: sendmail 8.12.8 available Mordechai T. Abzug (Mar 04)
- Re: sendmail 8.12.8 available Neil W Rickert (Mar 06)