Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] Should I care about this?
  • From: Boris Lorenz <bolo@xxxxxxx>
  • Date: Fri, 08 Feb 2002 15:51:14 +0100
  • Message-id: <3C63E5E2.3CD8FD30@xxxxxxx>
Yup,

Michael Appeldorn wrote:
>
> On 08.02.2002 14:49:33, Jochen Kaechelin <jk@xxxxxxx> wrote:
>
> >tail -f /var/log/warn:
> >
> >Feb 8 05:23:21 jochen sendmail[12473]: g184NLB12469: Truncated MIME
> >Content-Type header due to field size (length = 16) (possible attack)
> > ^ ^ ^ ^ ^ ^ ^ ^
> >
>
> And if I read the error-code step by step it seems to mean that the
> header that describes the content-type of the MIME content has a length
> longer than normal (may RFC) - so this can be a try to generate a buffer-overflow.

Exactly. The error message sendmail spewed out was directed to a
truncation of the MIME header, which should only have 256 chars.
Sendmail protects itself from buffer overflow with this truncation.

Bof-attack - note down, investigate, and be careful, Jochen. It may be
an old Pegasus MUA version (which, among other MUAs, is known to create
these kinds of problems), but also could have been an attack.

Check your sendmail version, and consider updating to the latest
safe-stable release.

> Michael Appeldorn

Boris <bolo@xxxxxxx>
---
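One way to act on the "note down, investigate" advice above, as an added example that is not part of the original thread: collect every truncation warning from the mail log and join it by queue ID to the `from=` line, so the envelope sender and connecting relay are recorded next to each hit. The `triage` function name and all sample lines except the warning itself are constructed; the `from=... relay=...` layout assumes sendmail's default logging.

```python
import re

# Constructed sample in the style of sendmail's syslog output; hosts, addresses
# and the second queue ID are made up. The warning line is the one quoted above.
SAMPLE_LOG = """\
Feb  8 05:23:20 jochen sendmail[12473]: g184NLB12469: from=<a@example.org>, size=4211, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.25]
Feb  8 05:23:21 jochen sendmail[12473]: g184NLB12469: Truncated MIME Content-Type header due to field size (length = 16) (possible attack)
Feb  8 06:02:10 jochen sendmail[12600]: g1852AB12599: from=<b@example.net>, size=900, class=0, nrcpts=1, msgid=<2@example.net>, proto=ESMTP, daemon=MTA, relay=mail.example.net [198.51.100.7]
Feb  8 06:02:11 jochen sendmail[12600]: g1852AB12599: to=<user@example.com>, delay=00:00:01, mailer=local, stat=Sent
"""

# Groups: timestamp, host, pid, queue ID, rest of message
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\ssendmail\[(\d+)\]:\s(\w+):\s(.*)$")
TRUNC = re.compile(r"Truncated MIME (\S+) header due to field size.*\(possible attack\)")
FROM = re.compile(r"from=(<[^>]*>|[^,\s]+),")
RELAY = re.compile(r"relay=([^,]+)")


def triage(log_text):
    """Return one record per truncation warning, joined to its envelope data."""
    envelopes = {}  # queue ID -> (envelope sender, connecting relay)
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a sendmail queue-ID line
        stamp, _host, _pid, qid, msg = m.groups()
        sender = FROM.match(msg)
        if sender:
            relay = RELAY.search(msg)
            envelopes[qid] = (sender.group(1), relay.group(1).strip() if relay else "unknown")
        warned = TRUNC.search(msg)
        if warned:
            hits.append({"time": stamp, "qid": qid, "header": warned.group(1)})
    # Join afterwards so the result does not depend on line order or on the
    # warning and the from= line being written to different log files.
    for hit in hits:
        hit["sender"], hit["relay"] = envelopes.get(hit["qid"], ("unknown", "unknown"))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("{time} {qid} {header} sender={sender} relay={relay}".format(**hit))
```

If the warning goes to `/var/log/warn` and the `from=` line to a separate mail log, pass both files' contents concatenated.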
