Re: about sendmail 8.8.8 HELO hole

From: Zach White (zachat_private)
Date: Tue May 26 1998 - 22:17:34 PDT

Next message: Walter Misar: "Re: HP-UX finger possible security hole"

Previous message: hofmannat_private-WUERZBURG.DE: "Re: HP-UX finger possible security hole"
Maybe in reply to: Gregory Neil Shapiro: "about sendmail 8.8.8 HELO hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Valentin Pavlov wrote:
> -----Original Message-----
> From: Michał Zalewski <lcamtufat_private>
> To: infoat_private <infoat_private>
> Date: 10 stycznia 1998 12:28
> Subject: Sendmail 8.8.8 (qmail?) HELO hole.
>
>
> Here's a brief description of Sendmail (qmail) hole I found
> recently:
>
> When someone mailbombs you, or tries to send fakemail, spam, etc -
> sendmail normally attachs sender's host name and it's address
> to outgoing message:
*snip*

I just checked qmail to see if it was vunerable, and qmail 1.02 is
safe because it displays the host before the helo string (It also
displayed the complete helo string, about 2000 characters). Another
exploit in sendmail and still none for qmail. ;)

--
***** Zach White [/\] ClipperNet Internet Access Services *****
***** Finger zachat_private for public PGP key *****

Next message: Walter Misar: "Re: HP-UX finger possible security hole"
Previous message: hofmannat_private-WUERZBURG.DE: "Re: HP-UX finger possible security hole"
Maybe in reply to: Gregory Neil Shapiro: "about sendmail 8.8.8 HELO hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:54 PDT