[1828] in bugtraq
Re: Don't want to replace IDA sendmail
daemon@ATHENA.MIT.EDU (Nathan Lawson)
Thu May 18 06:56:39 1995
From: Nathan Lawson <nlawson@statler.csc.calpoly.edu>
To: pwh@bradley.bradley.edu (Pete Hartman)
Date: Thu, 18 May 1995 02:02:54 -0700 (PDT)
Cc: bugtraq@fc.net
In-Reply-To: <9505180555.AA01968@bradley.bradley.edu> from "Pete Hartman" at May 18, 95 00:55:37 am
> So does anyone know exactly what the problem is? The 8lgm report is
> (sadly) too vague to be of much use.
I believe this advisory refers to newlines in the From part of a message.
By specifying sendmail -F, a user can supply a string as the From name for
a message. This string could be any nasty sequence of characters and if the
mail was queued (i.e. the host was down), the next queue run would activate
the modified file.
> Could I maybe patch IDA so I don't
> have to worry about the port to V8 right now (I was going to get around to
> it, but haven't had and don't have the time....)?
You could patch the input routines to only take alphanumeric and a small
subset of punctuation characters as input.
--
Nathan Lawson \ Never let your schooling interfere with your education.
CSL 490/News Admin \
(805)756-7180 @Work \ "The steady state of disks is full." -- Ken Thompson
---------------------
