>From: "Kevin W. Reed" <listaccount@???>
>To: exim-users@???
>Subject: [Exim] OT - CERT Advisory - Buffer Overflow in Sendmail
> <mailto:exim-users-request@exim.org?subject=unsubscribe>
>Date: Thu, 18 Sep 2003 08:59:47 -0700 (MST)
>
>Does anyone know if there is anything that can be done at a main
>mail server running Exim to trap or prevent this type of traffic
>from being accepted and passed on to internal (many) Sendmail
>boxes?
>
>The alert really doesn't say what is going on, just that there is a
>buffer Overflow problem.
>
>I'm guessing that Exim would already consider a problem such a
>messages and deal with it properly??? then again.. maybe it would
>not be effected but would pass on the problem.
The crucial paragraph in this CERT Advisory is:
The email attack vector is message-oriented as opposed to
connection-oriented. This means that the vulnerability is
triggered by the contents of a specially crafted email message
rather than by lower-level network traffic. This is important
because an MTA that does not contain the vulnerability may pass
the malicious message along to other MTAs that may be protected
at the network level. In other words, vulnerable sendmail
servers on the interior of a network are still at risk, even if
the site's border MTA uses software other than sendmail. Also,
messages capable of exploiting this vulnerability may pass
undetected through packet filters or firewalls.
exim *doesn't* do content scanning. After all it's an MTA. exim
will just pass any such message onto a vulnerable sendmail server.