Bugtraq mailing list archives
Re: Don't want to replace IDA sendmail
From: nlawson () statler csc calpoly edu (Nathan Lawson)
Date: Thu, 18 May 1995 02:02:54 -0700 (PDT)
So does anyone know exactly what the problem is? The 8lgm report is (sadly) too vague to be of much use.
I believe this advisory refers to newlines in the From part of a message. By specifying sendmail -F, a user can supply a string as the From name for a message. This string could be any nasty sequence of characters and if the mail was queued (i.e. the host was down), the next queue run would activate the modified file.
Could I maybe patch IDA so I don't have to worry about the port to V8 right now (I was going to get around to it, but haven't had and don't have the time....)?
You could patch the input routines to only take alphanumeric and a small subset of punctuation characters as input. -- Nathan Lawson \ Never let your schooling interfere with your education. CSL 490/News Admin \ (805)756-7180 @Work \ "The steady state of disks is full." -- Ken Thompson ---------------------
Current thread:
- ARG! Pete Hartman (May 17)
- Re: Don't want to replace IDA sendmail Nathan Lawson (May 18)
- Re: Don't want to replace IDA sendmail Yossi Gottlieb (May 18)
- Re: Don't want to replace IDA sendmail Catherine Allen (May 18)
- Re: Don't want to replace IDA sendmail Yossi Gottlieb (May 18)
- Sendmail-8+IDA (was: Re: ARG!) Ben Golding (May 19)
- nearest chip shop? Karl Strickland (May 19)
- Re: Don't want to replace IDA sendmail Nathan Lawson (May 18)