Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
RE: [security-alerts] FW: [SA21637] Sendmail Long Header Denial of Service Vulnerability
> -----Original Message-----
> From: eugeny gladkih [mailto:john@xxxxxxxxx]
> Sent: Tuesday, August 29, 2006 11:50 AM
> To: Kazennov, Vladimir
> Cc: security-alerts@xxxxxxxxxxxxxx
> Subject: Re: [security-alerts] FW: [SA21637] Sendmail Long
> Header Denial of Service Vulnerability
>
> >>>>> "KV" == Kazennov, Vladimir
> <Vladimir.Kazennov@xxxxxxxxxx> writes:
>
> >> TITLE:
> >> Sendmail Long Header Denial of Service Vulnerability
> >>
>
> It's not even funny anymore...
Quoting the original source:
"A potential denial of service problem has been found in sendmail. A message
with really long header lines could trigger a use-after-free bug causing
sendmail to crash."
Index: gnu/usr.sbin/sendmail/sendmail/main.c
===================================================================
RCS file: /cvs/src/gnu/usr.sbin/sendmail/sendmail/main.c,v
retrieving revision 1.21
retrieving revision 1.21.8.1
diff -u -p -r1.21 -r1.21.8.1
--- gnu/usr.sbin/sendmail/sendmail/main.c 24 Jun 2004 03:59:27 -0000
1.21
+++ gnu/usr.sbin/sendmail/sendmail/main.c 8 Aug 2006 20:20:42 -0000
1.21.8.1
@@ -2893,6 +2893,7 @@ finis(drop, cleanup, exitstat)
dropenvelope(CurEnv, true, false);
sm_rpool_free(CurEnv->e_rpool);
CurEnv->e_rpool = NULL;
+ CurEnv->e_to = NULL;
}
else
poststats(StatFile);
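Review bot: the added `CurEnv->e_to = NULL;` in finis() carries no comment explaining why e_to has to be reset right after `sm_rpool_free(CurEnv->e_rpool)`. If the reason is that e_to may point into the pool that was just freed, a one-line comment saying so would help, and it is worth checking whether any other CurEnv member that references that pool is still read on this exit path and needs the same reset.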
>
> --
> Yours sincerely, Eugeny.
> Doctor Web, Ltd. http://www.drweb.com
>