Security Incidents mailing list archives

Re: is this new ...


From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Mon, 26 May 2003 10:43:52 -0600

On Sat, May 24, 2003 at 07:22:18AM -0700, terry white wrote:

... anyone know what this is:

"May 24 05:42:31 yossarian sendmail[3835]: h4OCg7Da003834: Fixed MIME
 Content-Disposition header field (possible attack)"

One of the last two Sendmail remote root fixes included an additional
fix that can be compiled out if you request to do so.  The fix corrects
the above to render the possible attack less damaging.

The note in sendmail's Release notes is:

        To provide partial protection to internal, unpatched sendmail MTAs,
        8.12.9 changes by default (char)0xff to (char)0x7f in
        headers etc.  To turn off this conversion compile with
        -DALLOW_255 or use the command line option -d82.101.

-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science
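
An added example, not part of the original post: a small triage script that finds sendmail log lines ending in "(possible attack)", like the one quoted above, and pairs each with the envelope sender and relay logged under the same queue ID. The sample log lines other than the quoted one are constructed, the function name is hypothetical, and the `from=<...>, ..., relay=...` line layout is assumed to match your sendmail's logging.

```python
import re
from collections import defaultdict

# Constructed sample: the second line is the notice quoted in the post
# (unwrapped); every other line is made up in sendmail's usual syslog layout.
SAMPLE_LOG = """\
May 24 05:42:30 yossarian sendmail[3835]: h4OCg7Da003834: from=<a@example.net>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.10]
May 24 05:42:31 yossarian sendmail[3835]: h4OCg7Da003834: Fixed MIME Content-Disposition header field (possible attack)
May 24 05:50:03 yossarian sendmail[3902]: h4OCo1Da003900: to=<terry@localhost>, delay=00:00:01, mailer=local, stat=Sent
May 24 06:01:12 yossarian sendmail[4010]: h4OD1ADa004009: Fixed MIME Content-Disposition header field (possible attack)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"sendmail\[\d+\]:\s(?P<qid>\w+):\s(?P<msg>.*)$")
FIELD_RE = re.compile(r"\b(from|relay)=(.*?)(?=, \w+=|$)")

def flag_possible_attacks(log_text):
    """Return one dict per queue ID that logged a '(possible attack)' notice."""
    envelope = {}                 # qid -> {'from': ..., 'relay': ...}
    notices = defaultdict(list)   # qid -> [(timestamp, host, message)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a sendmail queue-ID line
        qid, msg = m["qid"], m["msg"]
        if msg.startswith("from="):
            envelope[qid] = dict(FIELD_RE.findall(msg))
        elif "(possible attack)" in msg:
            notices[qid].append((m["ts"], m["host"], msg))
    report = []
    for qid, hits in notices.items():
        env = envelope.get(qid, {})   # the from= line may be in a rotated log
        report.append({"qid": qid, "host": hits[0][1], "first_seen": hits[0][0],
                       "count": len(hits), "notice": hits[0][2],
                       "from": env.get("from", "unknown"),
                       "relay": env.get("relay", "unknown")})
    return report

if __name__ == "__main__":
    for entry in flag_possible_attacks(SAMPLE_LOG):
        print(entry)
```

The relay column shows which host handed the message to this MTA, which is the starting point for deciding whether the notice came from a misbehaving mailer or from a deliberate probe.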

