Bugtraq mailing list archives
Re: Sendmail MIME DoS vulnerability
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 21 Jun 2006 13:32:00 -0500 (CDT)
On Tue, 20 Jun 2006, Jain, Siddhartha wrote:
Hi, I am trying to understand how the below mentioned sendmail vulnerability. http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc The description says that the DoS occurs when sendmail goes in a deeply nested malformed MIME message and uses the MIME 8-bit to 7-bit conversion function. Under what conditions would sendmail use the MIME 8-bit to 7-bit function? Only when the remote MTA doesn't understand 8-bit MIME, right? That would mean that a malicious user would have to force the victim MTA to relay the malformed mail to a MIME 7-bit-only MTA for the attack to succeed. This probably means that open relays and ISP SMTP servers are more vulnerable than purely incoming SMTP servers. I am just trying to make sense of the advisory and the possible threat of exploit.
I didn't understand at first, either. As I attributed it to the DATA part of the message. Apparently sendmail is smart enough to prevent the message from not reaching the other side due to breakage using this. But I don't get it completely yet. Gadi.
Thanks, - Siddhartha
Current thread:
- Sendmail MIME DoS vulnerability Jain, Siddhartha (Jun 21)
- Re: Sendmail MIME DoS vulnerability Gadi Evron (Jun 23)
- Re: Sendmail MIME DoS vulnerability Claus Assmann (Jun 27)