Forwarded From: "Prosser, Mike" <Mike_Prosserat_private> [If you are running Sendmail 8.9.1, this might interest you. Supposedly a pre-emptive fix to the long file name problem in mail handlers -mike] Sendmail posts fix for email glitch By Randy Weston <mailto:randywat_private> Staff Writer, CNET NEWS.COM August 11, 1998, 11:25 a.m. PT The slew of email program security holes found in recent weeks is prompting one of the leading makers of server-based routing software to develop its own solution to the problem. Sendmail <http://www.sendmail.com/> in Emeryville, California, is to post today a patch that can be installed on its email server software, preventing companies from having to undergo the laborious task of installing patches on sometimes thousands of PCs spread out around a company. The patch cures security holes </News/Item/0,4,24668,00.html> that currently affect Netscape Communications' <http://www.netscape.com/> Communicator email system and Microsoft's <http://www.microsoft.com/> Outlook and Outlook Express email software. While the security flaw is not in the server software, Sendmail began developing the server-based patch at the urging of the nonprofit Computer Emergency Response Team <http://www.cert.org/>, or CERT. The organization is based at Carnegie Mellon University <http://www.cmu.edu/> and focuses on Internet security issues. According to Sendmail executives, the patch they developed truncates long headers before they arrive in end users' mailboxes based on the setting of a new option. The "long file name" security glitch affects the way email clients handle file attachments with extremely long file names. When a user attempts to download, open, or launch a file attachment that has a name greater than 200 characters in length, the action might cause the email software to crash. At that point, a skilled hacker could possibly run arbitrary code in the computer's memory, according to a security bulletin posted recently by Microsoft. The patch, which is available for free, is for Version 8.9.1 of Sendmail's email routing system. Users can find the patch at Sendmail's Web site <http://www.sendmail.com/sendmail.8.9.1a.html>. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:51 PDT