Bugtraq mailing list archives

about sendmail 8.8.8 HELO hole

From: gshapiro () SENDMAIL ORG (Gregory Neil Shapiro)
Date: Tue, 26 May 1998 20:15:16 -0700


-----BEGIN PGP SIGNED MESSAGE-----

"root" == Valentin Pavlov <root () PNS NETBG COM> writes:


root> I assume this this is pretty old (10 Jan 1998) but still...

...

root> From: Gregory Neil Shapiro <sendmail+gshapiro () sendmail org>

root> I was able to reproduce the header problem by lengthening the HELO string
root> in your script.

root> [...]

root> This will be fixed in sendmail 8.9.

This bug was fixed in version 8.9.0 of sendmail (released last week).  From
the RELEASE_NOTES file:

8.9.0/8.9.0     98/05/19
...
        Limit the size of the HELO/EHLO parameter to prevent spammers
                from hiding their connection information in Received:
                headers.

The current version is available at ftp://ftp.sendmail.org/pub/sendmail/.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNWuFOHxLZ22gDhVjAQGj7AQAnAQwzfOX3W2/VfxBK2mFPAeQDLPzNcno
17r3It8gjKhhWAELUEJNvwpv658/nC75CNMc8iYOmgipYAG4gZCuifUL8U95ME+g
xNfXZao2mga8KTSS9GvcaiyLFTbwuXd4qNCM71fUsItQEF5uN+rpL+8qnvlvra2q
HUvcdRWdp3c=
=jpLy
-----END PGP SIGNATURE-----

Current thread:

about sendmail 8.8.8 HELO hole Valentin Pavlov (May 22)
- about sendmail 8.8.8 HELO hole Gregory Neil Shapiro (May 26)
- Re: about sendmail 8.8.8 HELO hole Zach White (May 26)
- Problem with ascend pipeline routers. Eric Thacker (May 26)
  - Re: Problem with ascend pipeline routers. Joe Shaw (May 28)
  - Ascend Pipeline DoS Jeff Wheeler (May 29)
- MS Exchange vulnerable. (was: about sendmail 8.8.8 HELO hole) Yuri Krichevsky (May 27)