clarity

Hello everyone,

these days you can read dozens of articles that implicitly claim that the following code will produce more than one mail message at a time if used by a malicious user. I doubt that it is true, but I'd like to ask here, because you know your mta better than I.

The C code to access sendmail is the following:

    ...
    errno = 0;
    sendmail = popen(sendmail_cmd, "w");
    if (sendmail) {
        ...
        fprintf(sendmail, "To: %s\n", to);
        fprintf(sendmail, "Subject: %s\n", subject);
        if (hdr != NULL) {
            fprintf(sendmail, "%s\n", hdr);
        }
        fprintf(sendmail, "\n%s\n", message);
        ret = pclose(sendmail);
        ...

Let's assume that a pipe has been opened successfully to sendmail (qmail-inject).

Now some say that if content of hdr can be manipulated in a way that it contains something like the following would make sendmail (and other mtas) to produce *two* messages (because of the dot which indeed is an indicator of the end of a message for SMTP in RFC2821). But if I am right, we do not "talk" SMTP here.

In their imagination the content could be e.g.

    To: someone@somewhere
    Subject: inquiry
    From: fake@addresse
    To: spam@...
    BCC: spam@..., spam@..., spam@...
    Subject: Buy cheap Viagra!

    Buy cheap Viagra and Vicodine here: http://spamsite.com/
    .
    [headers for message 2]

    Hallo, habe eine Frage.
    .

I am not asking about the possibility of multiple copies caused by the Bcc header field, but only, if a single dot in one line followed by CRLF or LF will make sendmail to send two different messages.

Has sendmail ever been prone to that in earlier versions?

BTW: I think it is important to be security aware and I do not want to ridicule concerns regarding secure software and also not those who publish that.

Best regards,

Oliver Block
Re: clarity

Oliver Block <tellme@...> wrote:
>
> Let's assume that a pipe has been opened successfully to sendmail
> (qmail-inject).
>
> Now some say that if content of hdr can be manipulated in a way that it
> contains something like the following would make sendmail (and other
> mtas) to produce *two* messages (because of the dot which indeed is an
> indicator of the end of a message for SMTP in RFC2821). But if I am
> right, we do not "talk" SMTP here.

qmail doesn't treat this as an SMTP conversation, and therefore will not create multiple messages via this sort of "trick". It never has.

sendmail or other MTAs may have been vulnerable to this sort of exploit at some point; if you're interested in that, you could consult a sendmail/etc mailing list.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------
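Whatever a given MTA does with a lone dot, the C fragment in the question writes to, subject and hdr into the pipe unchecked. The following is an added example, not code from this thread or from any MTA, of validating those values before the fprintf calls; the function names are hypothetical, and the rules (no CR/LF in single-line fields; no empty, lone-dot or malformed lines in hdr) are assumptions about what the caller wants to permit.

```c
#include <stdio.h>
#include <string.h>

/* Single-line values (to, subject): reject any CR or LF, since a line
 * break would let the value start a new header line or the body. */
int single_line_ok(const char *s)
{
    return s != NULL && strpbrk(s, "\r\n") == NULL;
}

/* One line of the extra header block, without its line terminator. */
static int header_line_ok(const char *line, size_t len)
{
    size_t i = 0;
    if (len == 0) return 0;                    /* empty line ends the headers */
    if (len == 1 && line[0] == '.') return 0;  /* lone dot, as in the question */
    if (line[0] == ' ' || line[0] == '\t') {   /* folded continuation line */
        for (i = 0; i < len; i++)
            if (line[i] != ' ' && line[i] != '\t') return 1;
        return 0;                              /* whitespace-only line */
    }
    /* "Name:" where Name is printable ASCII without space or colon */
    while (i < len && line[i] > 32 && line[i] < 127 && line[i] != ':') i++;
    return i > 0 && i < len && line[i] == ':';
}

/* hdr as passed to fprintf(sendmail, "%s\n", hdr): one or more header
 * lines separated by LF or CRLF. Returns 1 if every line is a header. */
int extra_headers_ok(const char *hdr)
{
    const char *p = hdr;
    if (hdr == NULL) return 1;                 /* the original code skips NULL */
    while (*p) {
        size_t len = strcspn(p, "\n");         /* up to LF or end of string */
        size_t text = len;
        if (text > 0 && p[text - 1] == '\r') text--;    /* accept CRLF */
        if (memchr(p, '\r', text) != NULL) return 0;    /* bare CR in a line */
        if (!header_line_ok(p, text)) return 0;
        p += len;
        if (*p == '\n') p++;
    }
    return 1;
}
```

A caller would refuse to open the pipe unless single_line_ok(to), single_line_ok(subject) and extra_headers_ok(hdr) all return 1.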