Sendmail exploit
Albert Meyer
albert at realtime.net
Mon Mar 31 10:57:17 PST 2003
At 10:51 AM 3/31/2003 -0700, Nate Williams wrote:
>If I understand things correctly, if you allow your machine to connect
>to outside boxes through the firewall, then it can be exploited, since
>it will initiate connections to external boxes that can use the
>connection to do bad things to your box.
The advisory seemed to be saying that the exploit was message-based, so
that a message could pass through a patched machine, then through the
firewall to an unpatched machine. If that's the case, there would be no
danger relating to the unpatched box making outgoing connections. If I
understood the advisory correctly, the danger would arise when a malicious
message comes in, is checked for viruses and spam, and then gets passed to
an unpatched machine behind the firewall. If this could occur, but could
only cause DOS conditions, I could live with it. If this could allow an
attacker to gain root access to machines behind the firewall, then I would
have to drop everything I'm doing and spend the next few days patching
sendmail machines.
More information about the freebsd-isp
mailing list