[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

the security hole reported in Sendmail

I've heard from a couple of people that they can recreate the current Sendmail
bug in their ZMailer setup.

I have NOT been able to recreate any security problem on the two zmailer
systems I have tried, both running relatively aged versions.

It is of course possible I don't understand the Sendmail trick, but
I doubt it (I've seen logs sent to CERT, and I used to know it - I thought
everyone did).  I suspect the reporters of the problem inadvertently did
something rash, like make error messages have a real account as Sender:
or From: whose privileges are then propagated to any addresses sent to.
The default Sender: in error message texts is "mailer-daemon" for this
reason among others.

ZMailer out of the box is very paranoid about security, and this trick
and others like it were considered during the design of the per-address
privilege assignment and carryover rules.  But then, it is just a tool.