Re: Yet another snigger at s**dmail

Pàgina inicial
Delete this message
Reply to this message
Autor: Roger Books
Data:  
A: exim-users
Assumpte: Re: Yet another snigger at s**dmail
> You've got to laugh, haven't you? This one sounds like you don't even
> need to write perverse software to connect to mailhosts, you just need
> to construct a particularly clever email, then spam as many people as
> you want with it and wait for the results.
>
> > From: CERT Advisory <cert-advisory@???>
> > Subject: CERT Advisory CA-97.05 - Vulnerability in Sendmail 8.8.3 and
> > 8.8.4               
> > Topic: MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and
> > 8.8.4 
> > The CERT Coordination Center has received reports of a vulnerability in
> > sendmail versions 8.8.3 and 8.8.4. By sending a carefully crafted email
> > message to a system running a vulnerable version of sendmail, intruders
> > may be able to force sendmail to execute arbitrary commands with root
> > privileges.
> [blah]
> > In most cases, the MIME conversion of email is done on final delivery;
> > that is, to the local mailbox or a program. Therefore, this
> > vulnerability may be exploited on systems despite firewalls and other
> > network boundary protective measures.


Are you sure this came from CERT? I haven't seen it yet and I am on their
mailing list. To be honest this looks like a hoax. Mime messages just
have a text trailer added on that the recipients software should know how
to deal with. Note that is the recipient, not the MTA. So by the time the
recipient is reading it the uid is no longer root (unless root is reading
it.) Even at that once you reach that point your MTA is irrelevant.
I could be wrong (that has happened before) but this really looks like a
hoax to me.

>
> Exim, we salute you once more. I wonder if we'll ever see a CERT
> advisory about Exim?


All depends on how popular Exim becomes. It is a large program and
usually there are holes in large programs. If I ever get the time I
am going to see if I can buffer overflow it. It is always better to
have holes discovered by a friendly hacker than a malicious cracker. :)

Roger