Bugtraq mailing list archives
Re: Sendmail 8.8.x/8.9.x bugware
From: nic.b () IHUG CO NZ (Nic Bellamy)
Date: Wed, 20 Jan 1999 16:47:25 +1300
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime () docserver cac washington edu for more info. --936542718-202716889-916804045=:22212 Content-Type: TEXT/PLAIN; charset=US-ASCII On Sat, 12 Dec 1998, Michal Zalewski wrote:
2. 'Headers prescan' DoS There are possible DoS attacks due to ineffective headers prescan algorithm. Two or three medium-size (200 kb) mail messages may render system unusable for quite long period of time (as headers are parsed at least twice, on message collection and in queue). Exploit sold separately :-)
Hi, After thinking that we may need more header lines allowed for when we need to do mailouts to large numbers of our users, I've written up a slightly nicer version of Michals patch that allows the maximum number of header lines to be set in sendmail.cf. It saves on recompiles :-) For sendmail.cf: O MaxHeaderLines=<number> For M4 configuration: define(`confMAX_HEADER_LINES',<number>)dnl The patch is attached, and should have an MD5 signature of f38ff30ea30ec0c2b2000f4586b03a0b. Michals patch will need to be removed (patch -R) before application. Regards, Nic. +------ Nic Bellamy <nic.b () ihug co nz> -----+ | UN*X Programmer, The Internet Group (NZ). | | http://www.ihug.co.nz/ | +-------------------------------------------+ --936542718-202716889-916804045=:22212 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="MaxHeaderLines.diff" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.LNX.3.96.990120164725.22212B () router gnuflat linux net nz> Content-Description: ZGlmZiAtcnVOIHNlbmRtYWlsLTguOS4yLWNsZWFuL2NmL200L3Byb3RvLm00 IHNlbmRtYWlsLTguOS4yL2NmL200L3Byb3RvLm00DQotLS0gc2VuZG1haWwt OC45LjItY2xlYW4vY2YvbTQvcHJvdG8ubTQJV2VkIERlYyAzMCAwNjo0Mjow NyAxOTk4DQorKysgc2VuZG1haWwtOC45LjIvY2YvbTQvcHJvdG8ubTQJV2Vk IEphbiAyMCAxNToyMjoyMSAxOTk5DQpAQCAtNDc4LDYgKzQ3OCwxMCBAQA0K IGAjIE1heGltdW0gTUlNRSBoZWFkZXIgbGVuZ3RoIHRvIHByb3RlY3QgTVVB cw0KIE8gTWF4TWltZUhlYWRlckxlbmd0aD1jb25mTUFYX01JTUVfSEVBREVS X0xFTkdUSA0KICcpDQoraWZkZWYoYGNvbmZNQVhfSEVBREVSX0xJTkVTJywN CitgIyBNYXhpbXVtIG51bWJlciBvZiBoZWFkZXIgbGluZXMgdG8gcHJvdGVj dCBhZ2FpbnN0IGRlbmlhbCBvZiBzZXJ2aWNlIGF0dGFja3MNCitPIE1heEhl YWRlckxpbmVzPWNvbmZNQVhfSEVBREVSX0xJTkVTDQorJykNCiANCiAjIyMj IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMNCiAjICAgTWVzc2FnZSBwcmVjZWRl bmNlcyAgICMNCmRpZmYgLXJ1TiBzZW5kbWFpbC04LjkuMi1jbGVhbi9zcmMv Y29sbGVjdC5jIHNlbmRtYWlsLTguOS4yL3NyYy9jb2xsZWN0LmMNCi0tLSBz ZW5kbWFpbC04LjkuMi1jbGVhbi9zcmMvY29sbGVjdC5jCVdlZCBEZWMgMzAg MDY6NDI6MTggMTk5OA0KKysrIHNlbmRtYWlsLTguOS4yL3NyYy9jb2xsZWN0 LmMJV2VkIEphbiAyMCAxNToxOTozNyAxOTk5DQpAQCAtODIsNiArODIsNyBA QA0KIAljaGFyIGJ1ZmJ1ZltNQVhMSU5FXTsNCiAJZXh0ZXJuIGJvb2wgaXNo ZWFkZXIgX19QKChjaGFyICopKTsNCiAJZXh0ZXJuIHZvaWQgdGZlcnJvciBf X1AoKEZJTEUgKnZvbGF0aWxlLCBFTlZFTE9QRSAqKSk7DQorCWludCBoZWFk ZXJfbGluZXMgPSAwOw0KIA0KIAloZWFkZXJvbmx5ID0gaGRycCAhPSBOVUxM Ow0KIA0KQEAgLTMyOSw2ICszMzAsMTggQEANCiAJCQl7DQogCQkJCW1zdGF0 ZSA9IE1TX0JPRFk7DQogCQkJCWdvdG8gbmV4dHN0YXRlOw0KKwkJCX0NCisN CisJCQloZWFkZXJfbGluZXMrKzsNCisJCQlpZiAoTWF4SGVhZGVyTGluZXMg PiAwDQorCQkJCQkmJiBoZWFkZXJfbGluZXMgPiBNYXhIZWFkZXJMaW5lcykN CisJCQl7DQorCQkJCXNtX3N5c2xvZyhMT0dfTk9USUNFLCBlLT5lX2lkLA0K KwkJCQkJCSJFeGNlc3NpdmUgaGVhZGVycyBmcm9tICVzIGR1cmluZyBtZXNz YWdlIGNvbGxlY3QiLCBDdXJIb3N0TmFtZSA/IEN1ckhvc3ROYW1lIDogIjxs b2NhbCBtYWNoaW5lPiIpOw0KKwkJCQllcnJubyA9IDA7DQorCQkJCXVzcmVy cigiNDUxIEV4Y2Vzc2l2ZSBoZWFkZXJzICglZCkuIiwNCisJCQkJCQlNYXhI ZWFkZXJMaW5lcyk7DQorCQkJCWdvdG8gcmVhZGVycjsNCiAJCQl9DQogDQog CQkJLyogY2hlY2sgZm9yIHBvc3NpYmxlIGNvbnRpbnVhdGlvbiBsaW5lICov DQpkaWZmIC1ydU4gc2VuZG1haWwtOC45LjItY2xlYW4vc3JjL3JlYWRjZi5j IHNlbmRtYWlsLTguOS4yL3NyYy9yZWFkY2YuYw0KLS0tIHNlbmRtYWlsLTgu OS4yLWNsZWFuL3NyYy9yZWFkY2YuYwlXZWQgRGVjIDMwIDA2OjQyOjIyIDE5 OTgNCisrKyBzZW5kbWFpbC04LjkuMi9zcmMvcmVhZGNmLmMJV2VkIEphbiAy MCAxNToyNjowNCAxOTk5DQpAQCAtMTUyNyw2ICsxNTI3LDggQEANCiAjZGVm aW5lIE9fQ09OVFJPTFNPQ0tFVAkweGE5DQogCXsgIkNvbnRyb2xTb2NrZXRO YW1lIiwJCU9fQ09OVFJPTFNPQ0tFVCwJRkFMU0UJfSwNCiAjZW5kaWYNCisj ZGVmaW5lIE9fTUFYSEVBREVSTElORVMgMHhhYQ0KKwl7ICJNYXhIZWFkZXJM aW5lcyIsCQlPX01BWEhFQURFUkxJTkVTLAlGQUxTRSAgIH0sDQogCXsgTlVM TCwJCQkJJ1wwJywJCUZBTFNFCX0NCiB9Ow0KIA0KQEAgLTI0NjUsNiArMjQ2 NywxNiBAQA0KIAkJQ29udHJvbFNvY2tldE5hbWUgPSBuZXdzdHIodmFsKTsN CiAJCWJyZWFrOw0KICNlbmRpZg0KKwkgIGNhc2UgT19NQVhIRUFERVJMSU5F UzoNCisJCU1heEhlYWRlckxpbmVzID0gYXRvaSh2YWwpOw0KKwkJaWYgKE1h eEhlYWRlckxpbmVzIDwgMTI4KQ0KKwkJew0KKwkJCXByaW50ZigiV2Fybmlu ZzogTWF4SGVhZGVyTGluZXM6IG1heCBsaW5lcyBsb3dlciB0aGFuIDEyOFxu Iik7DQorCQl9DQorCQllbHNlIGlmIChNYXhIZWFkZXJMaW5lcyA+IDEwMjQw KQ0KKwkJew0KKwkJCXByaW50ZigiV2FybmluZzogTWF4SGVhZGVyTGluZXM6 IG1heCBsaW5lcyBsYXJnZXIgdGhhbiAxMDI0MCAtIG1heSBub3QgcHJvdGVj dCBhZ2FpbnN0IGF0dGFja3NcbiIpOw0KKwkJfQ0KIA0KIAkgIGRlZmF1bHQ6 DQogCQlpZiAodFRkKDM3LCAxKSkNCmRpZmYgLXJ1TiBzZW5kbWFpbC04Ljku Mi1jbGVhbi9zcmMvc2VuZG1haWwuaCBzZW5kbWFpbC04LjkuMi9zcmMvc2Vu ZG1haWwuaA0KLS0tIHNlbmRtYWlsLTguOS4yLWNsZWFuL3NyYy9zZW5kbWFp bC5oCVdlZCBEZWMgMzAgMDY6NDI6MTkgMTk5OA0KKysrIHNlbmRtYWlsLTgu OS4yL3NyYy9zZW5kbWFpbC5oCVdlZCBKYW4gMjAgMTU6MjE6NDUgMTk5OQ0K QEAgLTEyOTEsNiArMTI5MSw3IEBADQogCQkJCQkvKiBzYXZlZCB1c2VyIGVu dmlyb25tZW50ICovDQogRVhURVJOIGludAlNYXhNaW1lSGVhZGVyTGVuZ3Ro OwkvKiBtYXhpbXVtIE1JTUUgaGVhZGVyIGxlbmd0aCAqLw0KIEVYVEVSTiBp bnQJTWF4TWltZUZpZWxkTGVuZ3RoOwkvKiBtYXhpbXVtIE1JTUUgZmllbGQg bGVuZ3RoICovDQorRVhURVJOIGludAlNYXhIZWFkZXJMaW5lczsJCS8qIG1h eGltdW0gbnVtYmVyIG9mIGhlYWRlciBsaW5lcyAqLw0KIA0KIGV4dGVybiBp bnQJZXJybm87DQogDQo= --936542718-202716889-916804045=:22212--
Current thread:
- [SECURITY] ftpwatch package has major security problems, (continued)
- [SECURITY] ftpwatch package has major security problems Jamie Fifield (Jan 17)
- Michal's report and sendmail-8.9.2 GvS (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Jens Hoffmann (Jan 16)
- Re: Sendmail 8.8.x/8.9.x bugware Alan Brown (Jan 17)
- Re: Sendmail 8.8.x/8.9.x bugware John Mizzi (Jan 17)
- Personal web server kiborg (Jan 17)
- Re: Personal web server Dave Pifke (Jan 18)
- Another web-based mail reader hole Dave Pifke (Jan 18)
- Re: Another web-based mail reader hole Peter van Dijk (Jan 19)
- Personal web server kiborg (Jan 17)
- Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
- Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
- Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
- Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
- Re: Nobo and Netbuster Dos Flavio Veloso (Jan 21)