header_checks REJECT rule for sendmail exploit
From: Wietse Venema (wietse porcupine.org)
Date: Tue Mar 04 2003 - 10:46:33 CST

The header_checks pattern described below stops a recently posted
Sendmail buffer overflow exploit.

The exploit in question involves a sequence of <> character pairs.
Sendmail increments a buffer limit pointer when it finds '>' as
part of a correctly formatted email address in a message header.
This is a problem because Sendmail never decremented the buffer
limit pointer when it found the corresponding '<'. Thus, enough <>
pairs may cause Sendmail to write past the end of a fixed-length
(256 byte) buffer. This buffer is in static memory.

To activate the header_checks pattern, use regexp tables if your
system does not support PCRE tables. See "postconf -m" output to
find out what lookup tables are supported.

/etc/postfix/main.cf:
    # Specify either regexp or pcre. pcre is usually faster.
    header_checks = regexp:/etc/postfix/header_checks
    header_checks = pcre:/etc/postfix/header_checks

/etc/postfix/header_checks:
    # Presumed exploit for http://www.cert.org/advisories/CA-2003-07.html
    /<><><><><><>/ reject possible CA-2003-07 sendmail buffer overflow exploit

Note: Postfix versions before 1.1 do not support text after "reject".

If you install this filter on a gateway machine, then the gateway
can protect internal Sendmail systems against mail from outside
that attempts to exploit this specific vulnerability.

Wietse
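
The rule in the message above can be exercised offline before it goes onto a gateway. The Python sketch below is an added example, not part of the original post and not Postfix code: it models table matching in simplified form (only the "i" flag is handled, and each header is matched as Python's email parser returns it, which is an assumption about folding), and all function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# The rule from the post, in Postfix table syntax: /pattern/flags action text
HEADER_CHECKS = """\
# Presumed exploit for http://www.cert.org/advisories/CA-2003-07.html
/<><><><><><>/ reject possible CA-2003-07 sendmail buffer overflow exploit
"""

def load_rules(table_text):
    """Parse '/pattern/flags action text' lines, skipping comments and blanks."""
    rules = []
    for line in table_text.splitlines():
        m = re.match(r"^/(.*)/([a-z]*)\s+(\S+)\s*(.*)$", line.strip())
        if not m:
            continue
        pattern, flags, action, text = m.groups()
        # Postfix matches case-insensitively by default; the "i" flag toggles it.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action.upper(), text))
    return rules

def check_message(raw_message, rules):
    """Return (header name, action, text) for each header hit by a rule."""
    hits = []
    for name, value in message_from_string(raw_message).items():
        logical_header = f"{name}: {value}"
        for regex, action, text in rules:
            if regex.search(logical_header):
                hits.append((name, action, text))
                break  # first matching rule wins, as in a Postfix table
    return hits

# Constructed sample messages (not captured traffic).
BENIGN = "From: Alice <alice@example.com>\nTo: Bob <bob@example.org>\n\nhello\n"
FIVE_PAIRS = "From: <><><><><> alice@example.com\nTo: bob@example.org\n\nhello\n"
EIGHT_PAIRS = "From: <><><><><><><><> alice@example.com\nTo: bob@example.org\n\nhello\n"

if __name__ == "__main__":
    rules = load_rules(HEADER_CHECKS)
    for label, msg in [("benign", BENIGN), ("five pairs", FIVE_PAIRS),
                       ("eight pairs", EIGHT_PAIRS)]:
        print(label, "->", check_message(msg, rules) or "accepted")
```

The five-pair sample shows that the posted pattern only fires on six or more consecutive <> pairs, so ordinary angle-bracket addresses pass. On a live system, "postmap -q" with a test string against regexp:/etc/postfix/header_checks queries the installed table itself.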