From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 10:57:15 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C06F937B425 for ; Mon, 31 Mar 2003 10:57:15 -0800 (PST)
Received: from dragon.realtime.net (dragon.realtime.net [205.238.132.78]) by mx1.FreeBSD.org (Postfix) with SMTP id ECC2643FAF for ; Mon, 31 Mar 2003 10:57:14 -0800 (PST) (envelope-from albert@realtime.net)
Received: from r00t.realtime.net ([205.238.159.6]) by dragon.realtime.net ; Mon, 31 Mar 2003 12:56:53 -0600
Message-Id: <5.1.1.6.2.20030331123724.038c3008@pop3.realtime.net>
X-Sender: albert@pop3.realtime.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Mon, 31 Mar 2003 12:48:14 -0600
To: freebsd-isp@freebsd.org
From: Albert Meyer
In-Reply-To: <16008.32806.270326.501687@emerger.yogotech.com>
References: <5.1.1.6.2.20030331103102.04fd5770@pop3.realtime.net> <5.1.1.6.2.20030331103102.04fd5770@pop3.realtime.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: Re: Sendmail exploit
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 31 Mar 2003 18:57:17 -0000

At 10:51 AM 3/31/2003 -0700, Nate Williams wrote:
>If I understand things correctly, if you allow your machine to connect
>to outside boxes through the firewall, then it can be exploited, since
>it will initiate connections to external boxes that can use the
>connection to do bad things to your box.

The advisory seemed to be saying that the exploit was message-based, so that a message could pass through a patched machine, then through the firewall to an unpatched machine. If that's the case, there would be no danger relating to the unpatched box making outgoing connections.
If I understood the advisory correctly, the danger would arise when a malicious message comes in, is checked for viruses and spam, and then gets passed to an unpatched machine behind the firewall. If this could occur, but could only cause DOS conditions, I could live with it. If this could allow an attacker to gain root access to machines behind the firewall, then I would have to drop everything I'm doing and spend the next few days patching sendmail machines.