| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Mar 2003 18:21:45 +0100
From: Nico Erfurth <masta@...lgolf.de>
To: Florian Weimer <Weimer@...T.Uni-Stuttgart.DE>
Cc: bugtraq@...urityfocus.com, vulndiscuss@...nwatch.org
Subject: [VulnDiscuss] Re: sendmail 8.12.8 available
Florian Weimer wrote:
> Claus Assmann <ca+bugtraq@...dmail.org> writes:
>
>
>>Sendmail, Inc., and the Sendmail Consortium announce the availability
>>of sendmail 8.12.8. It contains a fix for a critical security
>>problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force
>>for bringing this problem to our attention. Sendmail urges all users to
>>either upgrade to sendmail 8.12.8 or apply the patch for 8.12 that
>>is part of this announcement.
>
>
> Would people be willing to share filter rules for other MTAs to block
> offending messages on relays?
>
> Thanks,
I'm not sure how the exploit works, but if I understood the LSD-analysis
correctly, it uses the comment for the payload, and needs many <> in a
parsed header. With exim4, this ACL should/could help.
First it checks for the header-syntax, that will reject the <><><><>
used in the LSD-POC-code. The second condition should refuse to accept
comments longer than 20 chars.
acl_data = check_message
check_message:
require message = Invalid header syntax (Maybe sendmail exploit)
verify = header_syntax
deny message = Ohh, this looks like the sendmail-exploit
condition = ${if match {$h_from: $h_cc: $h_bcc: $h_reply_to: \
$h_sender: $h_to:} {\N\(.{21,}?\)\N}{1}{0}}
No warranty ;)
Nico Erfurth
Powered by blists - more mailing lists