Date: Fri, 21 Apr 2000 19:54:02 +0400
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
To: sendmail-bugs@sendmail.org, ports@FreeBSD.org
Cc: aleph1@securityfocus.com
Subject: P.S. to sorry
Message-ID: <11829.000421@SECURITY.NNOV.RU>

Hello,

It doesn't mean that there is no fgets() problem in mail.local - there
is fgets() when checking incoming mail for ".\n" in LMTP mode. Text
"(2047 chars).\n" will be treated as an end of the message and the rest
of the text will be treated as LMTP commands. This allows an attacker
to insert any LMTP commands inside an e-mail message. (As I remember,
sendmail can use LMTP; I don't remember if it is the default behavior
or not.) It can be very unpleasant.

I just need to rewrite the report :)

Sorry for this e-mail flood...

http://www.security.nnov.ru

         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)
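
The line-splitting behaviour described in the message, as an added example that is not part of the original e-mail and is not mail.local's own code: it assumes a 2048-byte fgets() buffer (inferred from the 2047-character line in the report), and the function names and sample message are constructed for illustration. The naive check accepts any ".\n" chunk as end of data; the checked version accepts it only when the previous chunk ended a line.

```c
#include <stdio.h>
#include <string.h>
#define BUFSZ 2048 /* assumed buffer size; fgets() returns at most 2047 chars */

/* Naive check: any fgets() chunk equal to ".\n" ends the message.
   Returns bytes consumed up to and including the detected terminator. */
long end_of_data_naive(FILE *in) {
    char buf[BUFSZ];
    long used = 0;
    while (fgets(buf, sizeof buf, in)) {
        used += (long)strlen(buf);
        if (strcmp(buf, ".\n") == 0) break;
    }
    return used;
}

/* Checked version: ".\n" counts only when the chunk starts a real line,
   i.e. it is the first chunk or the previous chunk ended in '\n'. */
long end_of_data_checked(FILE *in) {
    char buf[BUFSZ];
    long used = 0;
    int line_start = 1;
    while (fgets(buf, sizeof buf, in)) {
        size_t n = strlen(buf);
        used += (long)n;
        if (line_start && strcmp(buf, ".\n") == 0) break;
        line_start = (n > 0 && buf[n - 1] == '\n');
    }
    return used;
}

/* Constructed sample: one line of 2047 'A's ending in ".\n",
   then one more body line and the real terminator. */
FILE *sample_message(long *total) {
    FILE *f = tmpfile();
    if (!f) return NULL;
    for (int i = 0; i < BUFSZ - 1; i++) fputc('A', f);
    fputs(".\nstill body\n.\n", f);
    *total = ftell(f);
    rewind(f);
    return f;
}

int main(void) {
    long total = 0;
    FILE *f = sample_message(&total);
    if (!f) return 1;
    long naive = end_of_data_naive(f);
    rewind(f);
    printf("naive %ld, checked %ld, total %ld\n", naive, end_of_data_checked(f), total);
    fclose(f);
    return 0;
}
```

Everything after the offset returned by the naive check is what the receiving side would go on to read as protocol input rather than message body.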