On 15-Feb-01 Togan Muftuoglu wrote:
Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Feb 15 19:14:16 isguzar sendmail[1559]: f1FHEAM01558: Truncated MIME Content-Disposition header due to field size (possible attack)
Ok I have checked all the logs but could not found any critacal accept output from SuSE firewall 4.2 logs
Older versions of sendmail (8.8.3, 8.8.4) had a bug in the process of MIME conversion from 7 to 8 bit due to insufficient bonds checking. It was possible to overwrite sendmails internal stack which caused a buffer overflow and root privileges for the attacker if sendmail has been configured to run as root. Patched and/or newer versions of sendmail are fixed and place some hints about such attack attempts in your syslog. On the other hand, there are some known problems with (older?) sendmail versions (<8.11.0/2) and MS Outlook 2000 and its MIME handling. If you have nodes in your network using this software you may perform some more testing. Send mails with attachements and watch your logfiles.
Any other places I have to look ?
-- Togan Muftuoglu
---
Boris Lorenz