Re: [cobalt-security] Sendmail Log Message

[DNSAdmin <dnsadmin@xxxxxxxxxxxxx>]

At 09:16 AM 6/27/2003 -0500, you wrote:
> At 08:54 AM 6/27/2003, you wrote:
> > At 02:28 PM 6/27/2003 +0100, you wrote:
> >
> > > Recently I have started to get this log report
> > >
> > > sendmail: Truncated MIME Content-Disposition header due to field size 
> > > (possible
> > > attack)
> > >
> > > Is this something that I can prevent and stop? I'm running fully patched 
> > > raq3
> > > and raq4r and message appears in both logfiles.
> >
> > It is the SoBig.E virus being sent to user's mailboxes. It hit my mail 
> > server as quickly as I read the news about it yesterday and numerous 
> > times. Interestingly, the news about the virus does not report that it is 
> > sending an oversize mail header. Is this an indication that it was 
> > designed to take advantage of the sendmail vulnerability that we patched 
> > a few months ago? You did patch for the oversized header vulnerability 
> > didn't you?
>
>
> Was that a cobalt patch or a non-cobalt patch?
I run email on a RaQ3, for which there is not a Sun patch. I used the 
SolarSpeed patch. I also have a RaQ4 doing mail and I initially patched 
with SolarSpeed, but later removed it and applied the Sun patch when it 
became available.

Cheers!