Vulnerability Development mailing list archives
Re: procmail / Sendmail - five bugs
From: 3APA3A () SECURITY NNOV RU (3APA3A)
Date: Fri, 14 Jan 2000 11:33:48 +0300
Hello Gregory,

Thursday, January 13, 2000, 8:14:55 PM, you wrote:

lcamtuf>> # maximum number of children we allow at one time
lcamtuf>> O MaxDaemonChildren=15

GNS> Yes, MaxDaemonChildren will avoid this sort of denial of service attack.
GNS> However, the fact that sendmail buffers up commands after a remote side
GNS> drops its connection is a bug. This bug will be fixed in the next 8.10.0
GNS> beta release.

O MaxDaemonChildren=15 will avoid system crash and host rebooting but not sendmail DoS, because sendmail will not accept any connection until the "frozen" child processes are killed. The best way to avoid this vulnerability is to switch off the ETRN feature by

O PrivacyOptions=noetrn

--
Best regards, 3APA3A
http://www.security.nnov.ru
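The following check is an added example, not part of the original message or of sendmail itself: it reads a sendmail.cf and reports whether the two options discussed in this thread are set. The sample configuration text and the function names are constructed for illustration, and the sketch assumes long-form "O Name=value" lines with each option appearing once.

```python
import re

# Constructed sample sendmail.cf fragments (not taken from a real host).
WEAK_CF = """\
# maximum number of children we allow at one time
O MaxDaemonChildren=15
O PrivacyOptions=authwarnings,novrfy
"""
HARDENED_CF = """\
O MaxDaemonChildren=15
O PrivacyOptions=authwarnings,novrfy,noetrn
"""

# Long-form option line: "O Name=value". Short one-letter forms are not handled.
OPTION_RE = re.compile(r"^O\s+([A-Za-z]+)\s*=\s*(.*?)\s*$")


def parse_options(cf_text):
    """Return {lowercased option name: value} for 'O Name=value' lines."""
    opts = {}
    for line in cf_text.splitlines():
        if line.startswith("#"):  # commented-out settings do not count
            continue
        m = OPTION_RE.match(line)
        if m:
            # Assumption of this sketch: each option appears once; if it
            # repeats, the last line is the one kept here.
            opts[m.group(1).lower()] = m.group(2)
    return opts


def audit_etrn(cf_text):
    """Return findings for the options named in the thread (empty list = ok)."""
    opts = parse_options(cf_text)
    findings = []
    raw_flags = opts.get("privacyoptions", "")
    flags = {f.lower() for f in re.split(r"[,\s]+", raw_flags) if f}
    if "noetrn" not in flags:
        findings.append("ETRN enabled: PrivacyOptions lacks noetrn")
    if not opts.get("maxdaemonchildren", "").isdigit():
        findings.append("MaxDaemonChildren not set: no cap on child processes")
    return findings


if __name__ == "__main__":
    for name, cf in (("weak", WEAK_CF), ("hardened", HARDENED_CF)):
        print(name, audit_etrn(cf) or "ok")
```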