[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sendmail header buffer overflow vulnerability, and what ZMailer can do..
On Wed, Mar 05, 2003 at 02:57:26PM +0200, Matti Aarnio wrote:
> In default case the current ZMailer passes arrived message headers
> onwards as is, sometimes perhaps folding things, but usually not.
> Always, however, scanning header syntaxes (of course only those it
> knows about, and cares about: from/to/cc/bcc +resent variants.)
>
> The lattest sendmail header buffer overflow thing appears to demand
> syntactically invalid header, therefore adding -W option to
> your zmailer.conf ROUTEROPTIONS= will enable the old code
> that rewrites headers with invalid syntax into:
In case the headers are syntactically correct (e.g. 8-bit stuff
in comment, or text item), all transport-agents do:
8-bit header: 'To: <mea@zmailer.org> (הצוווההצהצ)'
After processing: 'To: <mea@zmailer.org> =?ISO-8859-1?Q?(=E4=F6=E5=E5=E5=E4=E4=F6=E4=F6?=)'
which very effectively immunizes the thing.
This happens only in versions since around 1994-1996 or
there abouts... (Not in Toronto 2.2 series.)
--
/Matti Aarnio <mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi