Re: [Exim] exim as relay for latest sendmail bug?

Author: Andreas Gietl
Date:  
To: Nico Erfurth, Marc Haber
CC: exim-users, tom
Subject: Re: [Exim] exim as relay for latest sendmail bug?
On Tuesday 04 March 2003 14:16, Nico Erfurth wrote:
> Marc Haber wrote:
> > Hi,
> >
> > the latest sendmail bug can be exploited by sending a message to a
> > vulnerable system. Using exim as an application level gateway doesn't
> > help here, since exim will happily relay the message containing the
> > exploit to a vulnerable internal system.
> >
> > Has anybody out here done an analysis of the sendmail bug? Is it
> > possible to configure exim to not relay an exploiting message, but
> > instead reject it? I would be very interested in solutions for both
> > exim 3 and exim 4.
>
> I don't think you can do it with exim directly, unless it is a special
> header, so you can check $h_XXX for a special length.


The bug affects the parsing of the From, To, CC and Bcc headers, which sendmail
does semantic tests on.


>
> BUT, it should be easy to do with a local_scan function.


Yeah. exiscan might be able to do this. Tom, do you read this?
The patch that fixes the sendmail-bug now detects these crafted headers and
logs an error to the log. Perhaps it is possible to implement this routine
into exiscan and then detect it as malicious content.

>
> I don't know how the new sendmail-bug works, I just read about overlong
> headers etc....


>
> Nico


--
e-admin internet gmbh
Andreas Gietl                                            tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 89 244329104
93051 Regensburg                                  mobile +49 171 6070008


PGP/GPG key at http://www.e-admin.de/gpg.html
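
The length check suggested in the thread, limited to the four headers named above as affected, written out as an added example; it is not code from this thread, from Exim or exiscan, or from the sendmail patch. The 512-byte limit and all function names are assumptions, and the thread does not describe the malformed header itself, so this only bounds header size at the gateway. Within Exim it would be called from a local_scan function over the received headers.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed policy limit in bytes; the thread names no number. */
#define MAX_ADDR_HEADER_LEN 512
/* The four headers the thread names as affected. */
static const char *const addr_headers[] = { "From", "To", "Cc", "Bcc" };

/* 1 if the header starting at p (len bytes) is one of addr_headers. */
static int is_addr_header(const char *p, size_t len)
{
    for (size_t i = 0; i < sizeof addr_headers / sizeof *addr_headers; i++) {
        size_t n = strlen(addr_headers[i]);
        if (len <= n || strncasecmp(p, addr_headers[i], n) != 0)
            continue;
        while (n < len && (p[n] == ' ' || p[n] == '\t'))
            n++;                /* tolerate the obsolete "From :" spelling */
        if (n < len && p[n] == ':')
            return 1;
    }
    return 0;
}

/* Scan a raw header block that ends at the first empty line or NUL.
 * Folded lines (leading space or tab) count toward the header they continue.
 * Returns how many address headers exceed the limit; 0 means accept. */
int count_overlong_addr_headers(const char *hdrs)
{
    int bad = 0;
    const char *p = hdrs;
    while (*p && *p != '\n' && *p != '\r') {
        const char *start = p;
        do {                    /* consume the line plus its folded lines */
            const char *nl = strchr(p, '\n');
            p = nl ? nl + 1 : p + strlen(p);
        } while (*p == ' ' || *p == '\t');
        if (is_addr_header(start, (size_t)(p - start)) &&
            (size_t)(p - start) > MAX_ADDR_HEADER_LEN)
            bad++;
    }
    return bad;
}

int main(void)
{
    /* Constructed sample: short headers, so nothing is flagged. */
    const char *msg = "From: a@example.org\r\nTo: b@example.org\r\n\r\nbody\r\n";
    printf("overlong address headers: %d\n", count_overlong_addr_headers(msg));
}
```

The measured length covers the header name, the folding whitespace and the line endings, so a header split over many short continuation lines is still counted as one.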