Re: [Exim] exim as relay for latest sendmail bug?

Pàgina inicial
Delete this message
Reply to this message
Autor: Andreas Gietl
Data:  
A: Nico Erfurth, Marc Haber
CC: exim-users, tom
Assumpte: Re: [Exim] exim as relay for latest sendmail bug?
On Tuesday 04 March 2003 14:16, Nico Erfurth wrote:
> Marc Haber wrote:
> > Hi,
> >
> > the latest sendmail bug can be exploited by sending a message to a
> > vulnerable system. Using exim as an application level gateway doesn't
> > help here, since exim will happily relay the message containing the
> > exploit to a vulnerable internal system.
> >
> > Has anybody out here done an analysis of the sendmail bug? Is it
> > possible to configure exim to not relay an exploiting message, but
> > instead rejecting it? I would be very interested in solutions for both
> > exim 3 and exim 4.
>
> I don't think you can do it with exim directly, unless it is a special
> header, so you can check $h_XXX for a special length.


The Bug affects the parsing of the From, To, CC and Bcc-Header which sendmail
does semantic tests on.


>
> BUT, it should be easy to do with a local_scan function.


Yeah. exiscan migth be able to do this. Tom do you read this?
The patch that fixes the sendmail-bug now detects these crafted headers and
logs an error to the log. Perhaps it is possible to implement this routine
into exiscan and then detect it as malicious content.

>
> I don't know how the new sendmail-bug works, I just read about overlong
> headers etc....


>
> Nico
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##


--
e-admin internet gmbh
Andreas Gietl                                            tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 89 244329104
93051 Regensburg                                  mobil +49 171 6070008


PGP/GPG-Key unter http://www.e-admin.de/gpg.html