| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030307194927.GD10471@rahul.net>
Date: Fri, 7 Mar 2003 14:49:27 -0500
From: Bennett Todd <bet@...ul.net>
To: Florian Weimer <Weimer@...T.Uni-Stuttgart.DE>
Subject: Re: sendmail 8.12.8 available
On Mon, 3 Mar 2003, Florian Weimer wrote:
> Would people be willing to share filter rules for other MTAs to
> block offending messages on relays?
Wietse Venema offered the following responses for Postfix. First out
of the gate was [1], this regexp-based quick-response; capable of
false-positives, but not as scary as might be feared since it only
looks in the headers (place this in a regexp map, assign that to
header_checks):
/<><><><><><>/ reject possible CA-2003-07 sendmail buffer overflow exploit
Then he came out with [2], a new release of postfix with
functionality like that of patched sendmail, sanitizing messages
as they pass through and logging when it does so. This enhancement
he then broke out as a light patch [3] to apply against most
versions of postfix that might be in use, for people who'd like the
protection without having to upgrade to a newer version.
To be clear here: Postfix is not itself susceptible to this problem.
The only purpose for this patch is to allow Postfix to mung messages
to protect vulnerable sendmails downstream from it.
-Bennett
[1] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0254.html>
[2] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0402.html>
[3] <URL:http://archives.neohapsis.com/archives/postfix/2003-03/0487.html>
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists