Re: Sendmail up to 8.9.1 - mail.local instroduces new class of

From: Brett Lymn (blymnat_private)
Date: Mon Aug 10 1998 - 18:49:51 PDT

Next message: Crispin Cowan: "Netscape Exploit? Mozilla?"

Previous message: Arnvid L. Karstad: "Yet another DOS/Exploit in ICQ??????"
Next in thread: Kari E. Hurtta: "Re: Sendmail up to 8.9.1 - mail.local instroduces new class of"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

According to Jonathan Stott:
>
>A better fix would be to use procmail, or /bin/mail, or some other
>program for local mail delivery.
>

A lot of people have been recommending putting procmail in to perform
filtering of mail as an adjunct to sendmail.  I did a quick grep for
the notorious strc{at,py} commands in the procmail source and found
quite a few.  I have not analysed the code but people putting in
filters now to prevent the recent problems with mime et al could be
(I said _could_be_) leaving themselves open for a more subtle exploit
later on via procmail overflows.

--
Brett Lymn, Computer Systems Administrator, British Aerospace Australia
===============================================================================
  And the monks would cry unto them, "Keep the bloody noise down!"
  - Mort, Terry Pratchett.

Next message: Crispin Cowan: "Netscape Exploit? Mozilla?"
Previous message: Arnvid L. Karstad: "Yet another DOS/Exploit in ICQ??????"
Next in thread: Kari E. Hurtta: "Re: Sendmail up to 8.9.1 - mail.local instroduces new class of"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:58 PDT