From owner-freebsd-security Mon Feb 1 09:44:56 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA19443 for freebsd-security-outgoing; Mon, 1 Feb 1999 09:44:56 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from charon.npc.net (charon.finall.com [199.15.61.3] (may be forged)) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA19438 for ; Mon, 1 Feb 1999 09:44:54 -0800 (PST) (envelope-from mjung@npc.net) Received: from exchange.finall.com (exchange-gw.finall.com [10.0.158.37]) by charon.npc.net (8.9.1/8.8.8) with SMTP id MAA25715 for ; Mon, 1 Feb 1999 12:44:51 -0500 (EST) (envelope-from mjung@npc.net) Received: by exchange.finall.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BE4DDF.076B2260@exchange.finall.com>; Mon, 1 Feb 1999 12:33:11 -0500 Message-ID: From: "Jung, Michael" To: "'Igor Roshchin'" , "'security@FreeBSD.ORG'" Subject: RE: Sendmail- headers Date: Mon, 1 Feb 1999 12:33:10 -0500 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Does this ever happen elsewhere in the message? If si and you have a Cisco PIX firewall this is a known problem using the "mailhost" statement. If so look at cisco's site for a resolution. We had this exact problem a while back --mikej Michael Jung mjung@npc.net >-----Original Message----- >From: Igor Roshchin [SMTP:igor@physics.uiuc.edu] >Sent: Friday, January 29, 1999 5:30 PM >To: security@FreeBSD.ORG >Subject: Sendmail- headers > > >Hello! > >Sorry, if I am asking about some which has been stated clearly. >I just looked in the archives and haven't found the clear answer. > >This week I've received two messages which indicate an attempt >of the header overflow (I think) in the sendmail. >Remembering some discussion recently on one of the lists, >I am not sure if this overflow can result in any break in >or just might cause identity forgering (so, to prevent identification >of the sender and/or his host) ? > >I am running Sendmail 8.8.5/8.7.3 on a 2.1.7.1 -> 2.1-STABLE >Yes, I know it's outdated and the upgrade is pending, >but I am concerned if there was a break in this way, and whether I should >worry about detection of any traces of it. > >The headers are: > > >Return-Path: aho@aho.ne >Received: from >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >xxx >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >Date: Fri, 29 Jan 1999 08:50:44 -0500 (EST) >From: aho@aho.ne >Message-Id: <199901291350.IAA10527@MYHOST.CHANGED.BY.ME.FOR.SECURITY.REASONS> >To: kei37@geocities.co.jp >Subject: test >X-Mailer: Microsoft Outlook Express 4.72.2106 > > > >Thanks, > >Igor > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message