Home page logo

bugtraq logo Bugtraq mailing list archives

Re: sendmail 8.12.8 available
From: Nico Erfurth <masta () perlgolf de>
Date: Tue, 04 Mar 2003 18:21:45 +0100

Florian Weimer wrote:
Claus Assmann <ca+bugtraq () sendmail org> writes:

Sendmail, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.12.8.  It contains a fix for a critical security
problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force
for bringing this problem to our attention.  Sendmail urges all users to
either upgrade to sendmail 8.12.8 or apply the patch for 8.12 that
is part of this announcement.

Would people be willing to share filter rules for other MTAs to block
offending messages on relays?


I'm not sure how the exploit works, but if I understood the LSD-analysis correctly, it uses the comment for the payload, and needs many <> in a parsed header. With exim4, this ACL should/could help.

First it checks for the header-syntax, that will reject the <><><><> used in the LSD-POC-code. The second condition should refuse to accept comments longer than 20 chars.

acl_data = check_message

  require message = Invalid header syntax (Maybe sendmail exploit)
          verify  = header_syntax
  deny    message = Ohh, this looks like the sendmail-exploit
          condition = ${if match {$h_from: $h_cc: $h_bcc: $h_reply_to: \
                             $h_sender: $h_to:} {\N\(.{21,}?\)\N}{1}{0}}

No warranty ;)

Nico Erfurth

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]