| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.21.0606211331030.3840-100000@linuxbox.org> Date: Wed, 21 Jun 2006 13:32:00 -0500 (CDT) From: Gadi Evron <ge@...uxbox.org> To: "Jain, Siddhartha" <Siddhartha.Jain@...-tencor.com> Cc: bugtraq@...urityfocus.com Subject: Re: Sendmail MIME DoS vulnerability On Tue, 20 Jun 2006, Jain, Siddhartha wrote: > Hi, > > I am trying to understand how the below mentioned sendmail > vulnerability. > http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc > > The description says that the DoS occurs when sendmail goes in a deeply > nested malformed MIME message and uses the MIME 8-bit to 7-bit > conversion function. Under what conditions would sendmail use the MIME > 8-bit to 7-bit function? Only when the remote MTA doesn't understand > 8-bit MIME, right? > > That would mean that a malicious user would have to force the victim MTA > to relay the malformed mail to a MIME 7-bit-only MTA for the attack to > succeed. This probably means that open relays and ISP SMTP servers are > more vulnerable than purely incoming SMTP servers. > > I am just trying to make sense of the advisory and the possible threat > of exploit. I didn't understand at first, either. As I attributed it to the DATA part of the message. Apparently sendmail is smart enough to prevent the message from not reaching the other side due to breakage using this. But I don't get it completely yet. Gadi. > > > Thanks, > > - Siddhartha >
Powered by blists - more mailing lists