|
Bugtraq
mailing list archives
Re: sendmail 8.12.8 available
From: Nico Erfurth <masta () perlgolf de>
Date: Tue, 04 Mar 2003 18:21:45 +0100
Florian Weimer wrote:
Claus Assmann <ca+bugtraq () sendmail org> writes:
Sendmail, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.12.8. It contains a fix for a critical security
problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force
for bringing this problem to our attention. Sendmail urges all users to
either upgrade to sendmail 8.12.8 or apply the patch for 8.12 that
is part of this announcement.
Would people be willing to share filter rules for other MTAs to block
offending messages on relays?
Thanks,
I'm not sure how the exploit works, but if I understood the LSD-analysis
correctly, it uses the comment for the payload, and needs many <> in a
parsed header. With exim4, this ACL should/could help.
First it checks for the header-syntax, that will reject the <><><><>
used in the LSD-POC-code. The second condition should refuse to accept
comments longer than 20 chars.
acl_data = check_message
check_message:
require message = Invalid header syntax (Maybe sendmail exploit)
verify = header_syntax
deny message = Ohh, this looks like the sendmail-exploit
condition = ${if match {$h_from: $h_cc: $h_bcc: $h_reply_to: \
$h_sender: $h_to:} {\N\(.{21,}?\)\N}{1}{0}}
No warranty ;)
Nico Erfurth
 By Date 
By Thread
Current thread:
|
Intro
