[6833] in bugtraq
about sendmail 8.8.8 HELO hole
daemon@ATHENA.MIT.EDU (Gregory Neil Shapiro)
Wed May 27 00:43:01 1998
Date: Tue, 26 May 1998 20:15:16 -0700
Reply-To: Gregory Neil Shapiro <gshapiro@SENDMAIL.ORG>
From: Gregory Neil Shapiro <gshapiro@SENDMAIL.ORG>
X-To: Valentin Pavlov <root@PNS.NETBG.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980522121734.11307A-100000@pns.netbg.com>
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "root" == Valentin Pavlov <root@PNS.NETBG.COM> writes:
root> I assume this this is pretty old (10 Jan 1998) but still...
...
root> From: Gregory Neil Shapiro <sendmail+gshapiro@sendmail.org>
root> I was able to reproduce the header problem by lengthening the HELO string
root> in your script.
root> [...]
root> This will be fixed in sendmail 8.9.
This bug was fixed in version 8.9.0 of sendmail (released last week). From
the RELEASE_NOTES file:
8.9.0/8.9.0 98/05/19
...
Limit the size of the HELO/EHLO parameter to prevent spammers
from hiding their connection information in Received:
headers.
The current version is available at ftp://ftp.sendmail.org/pub/sendmail/.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBNWuFOHxLZ22gDhVjAQGj7AQAnAQwzfOX3W2/VfxBK2mFPAeQDLPzNcno
17r3It8gjKhhWAELUEJNvwpv658/nC75CNMc8iYOmgipYAG4gZCuifUL8U95ME+g
xNfXZao2mga8KTSS9GvcaiyLFTbwuXd4qNCM71fUsItQEF5uN+rpL+8qnvlvra2q
HUvcdRWdp3c=
=jpLy
-----END PGP SIGNATURE-----
