Date: Mon, 31 Mar 2003 12:48:14 -0600 From: Albert Meyer <albert@realtime.net> To: freebsd-isp@freebsd.org Subject: Re: Sendmail exploit Message-ID: <5.1.1.6.2.20030331123724.038c3008@pop3.realtime.net> In-Reply-To: <16008.32806.270326.501687@emerger.yogotech.com> References: <5.1.1.6.2.20030331103102.04fd5770@pop3.realtime.net> <5.1.1.6.2.20030331103102.04fd5770@pop3.realtime.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:51 AM 3/31/2003 -0700, Nate Williams wrote: >If I understand things correctly, if you allow your machine to connect >to outside boxes through the firewall, then it can be exploited, since >it will initiate connections to external boxes that can use the >connection to do bad things to your box. The advisory seemed to be saying that the exploit was message-based, so that a message could pass through a patched machine, then through the firewall to an unpatched machine. If that's the case, there would be no danger relating to the unpatched box making outgoing connections. If I understood the advisory correctly, the danger would arise when a malicious message comes in, is checked for viruses and spam, and then gets passed to an unpatched machine behind the firewall. If this could occur, but could only cause DOS conditions, I could live with it. If this could allow an attacker to gain root access to machines behind the firewall, then I would have to drop everything I'm doing and spend the next few days patching sendmail machines.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.1.6.2.20030331123724.038c3008>