[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] poprelay: serious security bug
- Subject: Re: [cobalt-security] poprelay: serious security bug
- From: Jeff Lovell <jlovell@xxxxxxx>
- Date: 09 Jul 2001 13:42:22 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On 09 Jul 2001 15:12:53 -0400, Jonathan M. Slivko wrote:
> What is the exact nature of this bug in poprelay? -- Jonathan
The nature of the problem is in how poprelayd reads the mail log file.
It looks for a string in a certain format, and when that format matches,
it inputs the ip address into the relaying tables. The string it looks
for is one that matches a successful login. The problem is that there
is no bound checking happening. This allows a remote user to input a
string that matches the correct login line in a SMTP transaction.
This will add the specified IP address to the relay tables allowing a
remote user to send mail through the device.
We have rolled together a new poprelayd rpm that addresses this issue.
It hasn't been tested fully yet, but you can download it from the
following address:
ftp://ftp.cobaltnet.com/pub/experimental/RPMS/poprelayd-2.0-4.noarch.rpm
md5sum: 52af3c84c93914908ced089526521330
Please let me know if you find any issues with this version.
Jeff
--
Jeff Lovell
Sun Microsystems Inc.