linux, säkerhet

5289297 2000-07-21  21:06  /62 rader/ Postmaster
Mottagare: Bugtraq (import) <11845>
Ärende: Sendmail filter rule to stop Outlook exploit
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
X-Zen: Ommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
X-Files: the truth is out there
X-I-Am-Not-Simes: There is only one Simes
Message-ID:  <20000721180833.A24711@kzdoos.xs4all.nl>
Date:         Fri, 21 Jul 2000 18:08:33 +0200
Reply-To: Koos van den Hout <koos@KZDOOS.XS4ALL.NL>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Koos van den Hout <koos@KZDOOS.XS4ALL.NL>
Organization: Van den Hout Creative Communications
To: BUGTRAQ@SECURITYFOCUS.COM

Also on http://www.cetis.hvu.nl/~koos/outlookoverflow.txt
with tabs in the right places :)

#
# this is a filter to make sendmail reject messages with Date: headers
# that are too long. This is used in the latest Outlook exploit.
#
# You NEED:
# - a sendmail that understands regex maps. I had to specially compile this
#   into 8.11 ! Add to sendmail-8.11.0/devtools/Site/site.config.m4
#   define(`confMAPDEF',`-DMAP_REGEX') and rebuild from scratch
#
# The filter simply rejects messages with a date header longer (total!)
# then 60 chars
#
# Then add this part to your .mc file in the different areas and regenerate
# your .cf file
#
# 2000-07-21 Originally written
#
# if you cut and paste this:
# tabs are in use in the '^R' lines
#
# Koos van den Hout
# http://www.cetis.hvu.nl/~koos/
# http://www.virtualbookcase.com/
#

LOCAL_CONFIG
Klinetoolong regex -a@MATCH ^.{60,}$

LOCAL_RULESETS
HDate: $>+CheckDate

SCheckDate
R$*				$: $(linetoolong $1 $)
R@MATCHi		$#error $: 553 Date Header too long error
R$*i			$@ OK

--
Koos van den Hout,           PGP keyid RSA/1024 0xCA845CB5 via keyservers
koos@kzdoos.xs4all.nl        or DSS/1024 0xF0D7C263                        -?)
Fax +31-30-2817051               Visit my site about books with reviews    /\\
http://www.cetis.hvu.nl/~koos/   http://www.virtualbookcase.com/          _\_V
(5289297) ------------------------------------------