Bugtraq mailing list archives
Sendmail filter rule to stop Outlook exploit
From: koos () KZDOOS XS4ALL NL (Koos van den Hout)
Date: Fri, 21 Jul 2000 18:08:33 +0200
Also on http://www.cetis.hvu.nl/~koos/outlookoverflow.txt with tabs in the right places :) # # this is a filter to make sendmail reject messages with Date: headers # that are too long. This is used in the latest Outlook exploit. # # You NEED: # - a sendmail that understands regex maps. I had to specially compile this # into 8.11 ! Add to sendmail-8.11.0/devtools/Site/site.config.m4 # define(`confMAPDEF',`-DMAP_REGEX') and rebuild from scratch # # The filter simply rejects messages with a date header longer (total!) # then 60 chars # # Then add this part to your .mc file in the different areas and regenerate # your .cf file # # 2000-07-21 Originally written # # if you cut and paste this: # tabs are in use in the '^R' lines # # Koos van den Hout # http://www.cetis.hvu.nl/~koos/ # http://www.virtualbookcase.com/ # LOCAL_CONFIG Klinetoolong regex -a@MATCH ^.{60,}$ LOCAL_RULESETS HDate: $>+CheckDate SCheckDate R$* $: $(linetoolong $1 $) R@MATCHi $#error $: 553 Date Header too long error R$*i $@ OK -- Koos van den Hout, PGP keyid RSA/1024 0xCA845CB5 via keyservers koos () kzdoos xs4all nl or DSS/1024 0xF0D7C263 -?) Fax +31-30-2817051 Visit my site about books with reviews /\\ http://www.cetis.hvu.nl/~koos/ http://www.virtualbookcase.com/ _\_V
Current thread:
- Cobalt RaQ 3 security hole? Chad Day (Jul 18)
- Re: Cobalt RaQ 3 security hole? Joshua Ellis (Jul 20)
- Re: Cobalt RaQ 3 security hole? Brian Behlendorf (Jul 21)
- Microsoft Security Bulletin (MS00-045) Microsoft Product Security (Jul 20)
- [ANNOUNCE] INN 2.2.3 available patrick () PINE NL (Jul 21)
- Re: Cobalt RaQ 3 security hole? Francis [loaded.net] (Jul 21)
- Re: Cobalt RaQ 3 security hole? Kurt Seifried (Jul 21)
- Re: Cobalt RaQ 3 security hole? Peter W (Jul 21)
- Re: Cobalt RaQ 3 security hole? Edward S. Marshall (Jul 24)
- Re: Cobalt RaQ 3 security hole? Wichert Akkerman (Jul 22)
- Re: Cobalt RaQ 3 security hole? Kurt Seifried (Jul 21)
- Re: Cobalt RaQ 3 security hole? Joshua Ellis (Jul 20)
- Sendmail filter rule to stop Outlook exploit Koos van den Hout (Jul 21)
- <Possible follow-ups>
- Re: Cobalt RaQ 3 security hole? Forrest J. Cavalier III (Jul 25)