BugTraq
Sendmail MIME DoS vulnerability Jun 20 2006 10:57PM
Jain, Siddhartha (Siddhartha Jain kla-tencor com) (2 replies)
Hi,

I am trying to understand how the below mentioned sendmail
vulnerability.
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

The description says that the DoS occurs when sendmail goes in a deeply
nested malformed MIME message and uses the MIME 8-bit to 7-bit
conversion function. Under what conditions would sendmail use the MIME
8-bit to 7-bit function? Only when the remote MTA doesn't understand
8-bit MIME, right?

That would mean that a malicious user would have to force the victim MTA
to relay the malformed mail to a MIME 7-bit-only MTA for the attack to
succeed. This probably means that open relays and ISP SMTP servers are
more vulnerable than purely incoming SMTP servers.

I am just trying to make sense of the advisory and the possible threat
of exploit.

Thanks,

- Siddhartha

[ reply ]
Re: Sendmail MIME DoS vulnerability Jun 24 2006 05:51AM
Claus Assmann ca+bugtraq (at) zardoc.endmail (dot) org [email concealed] (ca+bugtraq zardoc endmail org)
Re: Sendmail MIME DoS vulnerability Jun 21 2006 06:32PM
Gadi Evron (ge linuxbox org)


 

Privacy Statement
Copyright 2010, SecurityFocus