sendmail header buffer overflow vulnerability, and what ZMailer can do..

[Matti Aarnio <mea@nic.funet.fi>]

In default case the current ZMailer passes arrived message headers
onwards as is, sometimes perhaps folding things, but usually not.
Always, however, scanning header syntaxes (of course only those it
knows about, and cares about:  from/to/cc/bcc +resent variants.)

The lattest sendmail header buffer overflow thing appears to demand
syntactically invalid header, therefore adding   -W   option to
your  zmailer.conf    ROUTEROPTIONS=   will enable the old code
that rewrites headers with invalid syntax into:

   Illegal-Object: explanation
        Original-Header: original header data
           all folded and idented
        adding some syntax analyzer data..

Now the remaining question is, will that render such headers
non-virulent ?


This facility has always existed in ZMailers all the way from 2.2
series in Toronto.  Sometime latter I disabled it conditionally,
and added "-W" option to router.

If your system does not accept "-W" for router command-line options,
then this is unconditional behaviour.

-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi