Bugtraq mailing list archives

Re: Sendmail 8.8.x/8.9.x bugware

From: nic.b () IHUG CO NZ (Nic Bellamy)
Date: Wed, 20 Jan 1999 16:47:25 +1300


  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime () docserver cac washington edu for more info.

--936542718-202716889-916804045=:22212
Content-Type: TEXT/PLAIN; charset=US-ASCII


On Sat, 12 Dec 1998, Michal Zalewski wrote:

2. 'Headers prescan' DoS

There are possible DoS attacks due to ineffective headers prescan
algorithm. Two or three medium-size (200 kb) mail messages may render
system unusable for quite long period of time (as headers are parsed at
least twice, on message collection and in queue). Exploit sold separately
:-)


Hi,
        After thinking that we may need more header lines allowed for when
we need to do mailouts to large numbers of our users, I've written up a
slightly nicer version of Michals patch that allows the maximum number of
header lines to be set in sendmail.cf. It saves on recompiles :-)

For sendmail.cf:

        O MaxHeaderLines=<number>

For M4 configuration:

        define(`confMAX_HEADER_LINES',<number>)dnl

The patch is attached, and should have an MD5 signature of
f38ff30ea30ec0c2b2000f4586b03a0b. Michals patch will need to be removed
(patch -R) before application.

Regards,
        Nic.

+------ Nic Bellamy <nic.b () ihug co nz> -----+
| UN*X Programmer, The Internet Group (NZ). |
|           http://www.ihug.co.nz/          |
+-------------------------------------------+

--936542718-202716889-916804045=:22212
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="MaxHeaderLines.diff"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.3.96.990120164725.22212B () router gnuflat linux net nz>
Content-Description:

ZGlmZiAtcnVOIHNlbmRtYWlsLTguOS4yLWNsZWFuL2NmL200L3Byb3RvLm00
IHNlbmRtYWlsLTguOS4yL2NmL200L3Byb3RvLm00DQotLS0gc2VuZG1haWwt
OC45LjItY2xlYW4vY2YvbTQvcHJvdG8ubTQJV2VkIERlYyAzMCAwNjo0Mjow
NyAxOTk4DQorKysgc2VuZG1haWwtOC45LjIvY2YvbTQvcHJvdG8ubTQJV2Vk
IEphbiAyMCAxNToyMjoyMSAxOTk5DQpAQCAtNDc4LDYgKzQ3OCwxMCBAQA0K
IGAjIE1heGltdW0gTUlNRSBoZWFkZXIgbGVuZ3RoIHRvIHByb3RlY3QgTVVB
cw0KIE8gTWF4TWltZUhlYWRlckxlbmd0aD1jb25mTUFYX01JTUVfSEVBREVS
X0xFTkdUSA0KICcpDQoraWZkZWYoYGNvbmZNQVhfSEVBREVSX0xJTkVTJywN
CitgIyBNYXhpbXVtIG51bWJlciBvZiBoZWFkZXIgbGluZXMgdG8gcHJvdGVj
dCBhZ2FpbnN0IGRlbmlhbCBvZiBzZXJ2aWNlIGF0dGFja3MNCitPIE1heEhl
YWRlckxpbmVzPWNvbmZNQVhfSEVBREVSX0xJTkVTDQorJykNCiANCiAjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMNCiAjICAgTWVzc2FnZSBwcmVjZWRl
bmNlcyAgICMNCmRpZmYgLXJ1TiBzZW5kbWFpbC04LjkuMi1jbGVhbi9zcmMv
Y29sbGVjdC5jIHNlbmRtYWlsLTguOS4yL3NyYy9jb2xsZWN0LmMNCi0tLSBz
ZW5kbWFpbC04LjkuMi1jbGVhbi9zcmMvY29sbGVjdC5jCVdlZCBEZWMgMzAg
MDY6NDI6MTggMTk5OA0KKysrIHNlbmRtYWlsLTguOS4yL3NyYy9jb2xsZWN0
LmMJV2VkIEphbiAyMCAxNToxOTozNyAxOTk5DQpAQCAtODIsNiArODIsNyBA
QA0KIAljaGFyIGJ1ZmJ1ZltNQVhMSU5FXTsNCiAJZXh0ZXJuIGJvb2wgaXNo
ZWFkZXIgX19QKChjaGFyICopKTsNCiAJZXh0ZXJuIHZvaWQgdGZlcnJvciBf
X1AoKEZJTEUgKnZvbGF0aWxlLCBFTlZFTE9QRSAqKSk7DQorCWludCBoZWFk
ZXJfbGluZXMgPSAwOw0KIA0KIAloZWFkZXJvbmx5ID0gaGRycCAhPSBOVUxM
Ow0KIA0KQEAgLTMyOSw2ICszMzAsMTggQEANCiAJCQl7DQogCQkJCW1zdGF0
ZSA9IE1TX0JPRFk7DQogCQkJCWdvdG8gbmV4dHN0YXRlOw0KKwkJCX0NCisN
CisJCQloZWFkZXJfbGluZXMrKzsNCisJCQlpZiAoTWF4SGVhZGVyTGluZXMg
PiAwDQorCQkJCQkmJiBoZWFkZXJfbGluZXMgPiBNYXhIZWFkZXJMaW5lcykN
CisJCQl7DQorCQkJCXNtX3N5c2xvZyhMT0dfTk9USUNFLCBlLT5lX2lkLA0K
KwkJCQkJCSJFeGNlc3NpdmUgaGVhZGVycyBmcm9tICVzIGR1cmluZyBtZXNz
YWdlIGNvbGxlY3QiLCBDdXJIb3N0TmFtZSA/IEN1ckhvc3ROYW1lIDogIjxs
b2NhbCBtYWNoaW5lPiIpOw0KKwkJCQllcnJubyA9IDA7DQorCQkJCXVzcmVy
cigiNDUxIEV4Y2Vzc2l2ZSBoZWFkZXJzICglZCkuIiwNCisJCQkJCQlNYXhI
ZWFkZXJMaW5lcyk7DQorCQkJCWdvdG8gcmVhZGVycjsNCiAJCQl9DQogDQog
CQkJLyogY2hlY2sgZm9yIHBvc3NpYmxlIGNvbnRpbnVhdGlvbiBsaW5lICov
DQpkaWZmIC1ydU4gc2VuZG1haWwtOC45LjItY2xlYW4vc3JjL3JlYWRjZi5j
IHNlbmRtYWlsLTguOS4yL3NyYy9yZWFkY2YuYw0KLS0tIHNlbmRtYWlsLTgu
OS4yLWNsZWFuL3NyYy9yZWFkY2YuYwlXZWQgRGVjIDMwIDA2OjQyOjIyIDE5
OTgNCisrKyBzZW5kbWFpbC04LjkuMi9zcmMvcmVhZGNmLmMJV2VkIEphbiAy
MCAxNToyNjowNCAxOTk5DQpAQCAtMTUyNyw2ICsxNTI3LDggQEANCiAjZGVm
aW5lIE9fQ09OVFJPTFNPQ0tFVAkweGE5DQogCXsgIkNvbnRyb2xTb2NrZXRO
YW1lIiwJCU9fQ09OVFJPTFNPQ0tFVCwJRkFMU0UJfSwNCiAjZW5kaWYNCisj
ZGVmaW5lIE9fTUFYSEVBREVSTElORVMgMHhhYQ0KKwl7ICJNYXhIZWFkZXJM
aW5lcyIsCQlPX01BWEhFQURFUkxJTkVTLAlGQUxTRSAgIH0sDQogCXsgTlVM
TCwJCQkJJ1wwJywJCUZBTFNFCX0NCiB9Ow0KIA0KQEAgLTI0NjUsNiArMjQ2
NywxNiBAQA0KIAkJQ29udHJvbFNvY2tldE5hbWUgPSBuZXdzdHIodmFsKTsN
CiAJCWJyZWFrOw0KICNlbmRpZg0KKwkgIGNhc2UgT19NQVhIRUFERVJMSU5F
UzoNCisJCU1heEhlYWRlckxpbmVzID0gYXRvaSh2YWwpOw0KKwkJaWYgKE1h
eEhlYWRlckxpbmVzIDwgMTI4KQ0KKwkJew0KKwkJCXByaW50ZigiV2Fybmlu
ZzogTWF4SGVhZGVyTGluZXM6IG1heCBsaW5lcyBsb3dlciB0aGFuIDEyOFxu
Iik7DQorCQl9DQorCQllbHNlIGlmIChNYXhIZWFkZXJMaW5lcyA+IDEwMjQw
KQ0KKwkJew0KKwkJCXByaW50ZigiV2FybmluZzogTWF4SGVhZGVyTGluZXM6
IG1heCBsaW5lcyBsYXJnZXIgdGhhbiAxMDI0MCAtIG1heSBub3QgcHJvdGVj
dCBhZ2FpbnN0IGF0dGFja3NcbiIpOw0KKwkJfQ0KIA0KIAkgIGRlZmF1bHQ6
DQogCQlpZiAodFRkKDM3LCAxKSkNCmRpZmYgLXJ1TiBzZW5kbWFpbC04Ljku
Mi1jbGVhbi9zcmMvc2VuZG1haWwuaCBzZW5kbWFpbC04LjkuMi9zcmMvc2Vu
ZG1haWwuaA0KLS0tIHNlbmRtYWlsLTguOS4yLWNsZWFuL3NyYy9zZW5kbWFp
bC5oCVdlZCBEZWMgMzAgMDY6NDI6MTkgMTk5OA0KKysrIHNlbmRtYWlsLTgu
OS4yL3NyYy9zZW5kbWFpbC5oCVdlZCBKYW4gMjAgMTU6MjE6NDUgMTk5OQ0K
QEAgLTEyOTEsNiArMTI5MSw3IEBADQogCQkJCQkvKiBzYXZlZCB1c2VyIGVu
dmlyb25tZW50ICovDQogRVhURVJOIGludAlNYXhNaW1lSGVhZGVyTGVuZ3Ro
OwkvKiBtYXhpbXVtIE1JTUUgaGVhZGVyIGxlbmd0aCAqLw0KIEVYVEVSTiBp
bnQJTWF4TWltZUZpZWxkTGVuZ3RoOwkvKiBtYXhpbXVtIE1JTUUgZmllbGQg
bGVuZ3RoICovDQorRVhURVJOIGludAlNYXhIZWFkZXJMaW5lczsJCS8qIG1h
eGltdW0gbnVtYmVyIG9mIGhlYWRlciBsaW5lcyAqLw0KIA0KIGV4dGVybiBp
bnQJZXJybm87DQogDQo=
--936542718-202716889-916804045=:22212--

Current thread:

[SECURITY] ftpwatch package has major security problems, (continued)
- - [SECURITY] ftpwatch package has major security problems Jamie Fifield (Jan 17)
  - Michal's report and sendmail-8.9.2 GvS (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Jens Hoffmann (Jan 16)
  - Re: Sendmail 8.8.x/8.9.x bugware Alan Brown (Jan 17)
- Re: Sendmail 8.8.x/8.9.x bugware John Mizzi (Jan 17)
  - Personal web server kiborg (Jan 17)
    - Re: Personal web server Dave Pifke (Jan 18)
    - Another web-based mail reader hole Dave Pifke (Jan 18)
    - Re: Another web-based mail reader hole Peter van Dijk (Jan 19)
  - Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
  - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
    - Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
    - Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
    - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
    - Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Keeping Solaris up-to-date: summary John RIddoch (Jan 20)
- FW: Personal web server - Temporary Fix Ollie Whitehouse (Jan 20)
- Nobo and Netbuster Dos Wolfgang Gassner (Jan 20)
  - Re: Nobo and Netbuster Dos Flavio Veloso (Jan 21)

(Thread continues...)