[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] poprelay: serious security bug

Subject: Re: [cobalt-security] poprelay: serious security bug
From: Jeff Lovell <jlovell@xxxxxxx>
Date: 09 Jul 2001 13:42:22 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On 09 Jul 2001 15:12:53 -0400, Jonathan M. Slivko wrote:
> What is the exact nature of this bug in poprelay? -- Jonathan

The nature of the problem is in how poprelayd reads the mail log file.
It looks for a string in a certain format, and when that format matches,
it inputs the ip address into the relaying tables.  The string it looks
for is one that matches a successful login.  The problem is that there
is no bound checking happening.  This allows a remote user to input a
string that matches the correct login line in a SMTP transaction.

This will add the specified IP address to the relay tables allowing a
remote user to send mail through the device.

We have rolled together a new poprelayd rpm that addresses this issue.
It hasn't been tested fully yet, but you can download it from the
following address:

ftp://ftp.cobaltnet.com/pub/experimental/RPMS/poprelayd-2.0-4.noarch.rpm
md5sum: 52af3c84c93914908ced089526521330

Please let me know if you find any issues with this version.

Jeff
-- 
Jeff Lovell
Sun Microsystems Inc.

Follow-Ups:
- Re: [cobalt-security] poprelay: serious security bug
  - From: Carrie Bartkowiak

References:
- Re: [cobalt-security] poprelay: serious security bug
  - From: Jonathan M. Slivko

Prev by Date: [cobalt-security] New poprelayd rpm available
Next by Date: Re: [cobalt-security] New poprelayd rpm available
Previous by thread: Re: [cobalt-security] poprelay: serious security bug
Next by thread: Re: [cobalt-security] poprelay: serious security bug

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index