> toon @ cem-bb . e-mail . com wrote:
> >Some1 told me that 'I have to filter out VERIFY and EXPAND when letting
> >mail through my firewall'. Can some1 explain me what this means?
>
>
> >BACKGROUND: The vulnerability is exploited through the use of the SMTP
> >"EXPN" and "VRFY" commands offered by all versions of "sendmail." A
> >buffer-overrun problem is present in the implementation of these
> >commands that allows the executable code of the "sendmail" process to
> >be overwritten. This executable code can do anything the author
> >wants, and is run with super-user permissions.
>
> This can be fixed by patching the sendmail binary; the CIAC bulletin
> has directions on how to do this. Alternatively, use an appropriate
> (8.6.10 or later) version of sendmail.

Until the next time they add some creeping featurism that
is implemented sloppily so you can overrun a buffer. Hmm.. that can't
happen that often with sendmail, can it? ;-)

Seriously though, the point is that VRFY and EXPAND can be used
by an attacker to get potentially useful information. Run a
store-forward proxy like smtpd/smtpfwdd or smapd/smap upstream of your
"real" sendmail/Big-Honking-MTA-of-The-Week. Then you have much less
concern about either problem.

-Bob
--
Bob Beck                Obtuse Systems Corporation
beck @ obtuse . com     http://www.obtuse.com/
True Evil hides its real intentions in its street address. Search and you
shall find it, and the truth shall set you free.
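
Added example, not part of the original message and not code from smtpd or smap: a sketch of the command filtering that a store-and-forward front end of the kind recommended above could apply, answering VRFY and EXPN itself and bounding line length before anything reaches the inner MTA. The function names, the 512-byte limit and the reply texts are assumptions made for this example.

```python
# Added example: command filter for a small store-and-forward SMTP front end.
# Covers the command phase only (not the message body sent after DATA).
MAX_LINE = 512  # assumed limit on one command line, CRLF included

FORWARDED = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
REFUSED = {
    # Answered locally so no address or list membership is disclosed.
    "VRFY": b"252 Cannot VRFY user; send mail to attempt delivery\r\n",
    "EXPN": b"502 EXPN not available\r\n",
}


def filter_command(raw: bytes):
    """Decide what to do with one client command line.

    Returns ("forward", cleaned_line) for commands that may go to the inner
    MTA, or ("reply", response) for lines the front end answers itself.
    """
    # Length is checked first, so nothing downstream sees an oversized line.
    if len(raw) > MAX_LINE:
        return "reply", b"500 Line too long\r\n"
    line = raw.rstrip(b"\r\n")
    # Control bytes and 8-bit data have no place in a command line.
    if any(b < 0x20 or b > 0x7E for b in line):
        return "reply", b"500 Syntax error\r\n"
    verb = line.split(b" ", 1)[0].decode("ascii").upper()
    if verb in REFUSED:
        return "reply", REFUSED[verb]
    if verb not in FORWARDED:
        return "reply", b"502 Command not implemented\r\n"
    return "forward", line + b"\r\n"


def run_session(lines):
    """Apply the filter to a list of client lines; return the decisions."""
    return [filter_command(line) for line in lines]


# Constructed sample session, including one oversized VRFY argument.
SAMPLE = [
    b"HELO client.example\r\n",
    b"vrfy root\r\n",
    b"EXPN staff\r\n",
    b"VRFY " + b"A" * 2000 + b"\r\n",
    b"MAIL FROM:<a@client.example>\r\n",
]

if __name__ == "__main__":
    for action, payload in run_session(SAMPLE):
        print(action, payload)
```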