Bugtraq mailing list archives
false alarms by real secure
From: danton () INEXO COM BR (Danton Nunes)
Date: Tue, 29 Feb 2000 16:39:04 -0300
Real secure traps incoming packets on tcp/25 containing certain strings that suggest a message being directed to a program (to:|something). It seems not to distinguish between message headers and message contents and sounds a false alarm when a message or an attachment to a message contains something like 'mailbox:/c|/some/funny/place'. it is possible to launch a DoS attack against firewalls with realsecure just sending a number of e-mails containing the offending pattern. The message is not delivered, returning to sendmail w/ I/O error. sendmail requeues and tries again later, making the alarm ring over and over again. I don't understand why realsecure mistakes normal e-mail text for an attack against sendmail (most versions are not vulnerable anyway). Amazingly, this behaviour is documented as a 'feature'. -- Danton Nunes |Informática, Consultoria e Serviços de Acesso à Internet InterNexo Ltda. | http://www.inexo.com.br/ mailto:danton () inexo com br S.J.Campos,BRASIL | PGP: 02 D1 E2 DF 21 EC 48 69 3F D5 4D 1B 5D 73 F4 B5
Current thread:
- SSH & xauth Brian Caswell (Feb 24)
- Re: SSH & xauth Andrey (Feb 25)
- Re: SSH & xauth David Terrell (Feb 25)
- Re: SSH & xauth Robert Watson (Feb 25)
- Re: SSH & xauth Lionel Cons (Feb 28)
- Re: SSH & xauth David Pybus (Feb 26)
- Re: SSH & xauth Robert Watson (Feb 28)
- xterm log file vulnerability Morten Welinder (Feb 29)
- false alarms by real secure Danton Nunes (Feb 29)
- New ZZ Posted Simple Nomad (Feb 29)
- DOS in Trendmicro OfficeScan cerberus (Feb 26)
- Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Feb 27)
- <Possible follow-ups>
- Re: SSH & xauth Oliver Friedrichs (Feb 25)
- Re: SSH & xauth Theo de Raadt (Feb 27)
- Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Feb 28)
- Serv-U FTP-Server v2.4a showing real path Berk Ulsoy (Feb 28)
- Re: SSH & xauth Robert Watson (Feb 28)
- Re: SSH & xauth Niels Provos (Feb 28)
- Re: SSH & xauth Theo de Raadt (Feb 27)
- Re: SSH & xauth Brian (Feb 28)
(Thread continues...)