On 09 Jul 2001 15:12:53 -0400, Jonathan M. Slivko wrote:
> What is the exact nature of this bug in poprelay? -- Jonathan

The nature of the problem is in how poprelayd reads the mail log file.
It looks for a string in a certain format, and when that format matches,
it inputs the IP address into the relaying tables.  The string it looks
for is one that matches a successful login.  The problem is that there
is no bound checking happening.  This allows a remote user to input a
string that matches the correct login line in an SMTP transaction.

This will add the specified IP address to the relay tables allowing a
remote user to send mail through the device.

We have rolled together a new poprelayd rpm that addresses this issue.
It hasn't been tested fully yet, but you can download it from the
following address:

ftp://ftp.cobaltnet.com/pub/experimental/RPMS/poprelayd-2.0-4.noarch.rpm
md5sum: 52af3c84c93914908ced089526521330

Please let me know if you find any issues with this version.

Jeff
-- 
Jeff Lovell
Sun Microsystems Inc.

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
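
The log-matching flaw described in the message above, as an added example (not part of the original post and not poprelayd's own code): an unanchored match trusts login text wherever it appears in a log line, while a stricter parser accepts it only in a complete record written by the POP daemon. The login wording, the `qpopper` program tag and the sample log lines are all constructed assumptions.

```python
import ipaddress
import re

# Assumed wording of a successful POP login message (constructed for this example).
LOGIN = r'POP login by user "[^"]+" at \([^)]*\) (\d{1,3}(?:\.\d{1,3}){3})'

# Weak: the login text is accepted wherever it appears in a log line.
NAIVE = re.compile(LOGIN)

# Stricter: the whole line must be a syslog record written by the POP daemon
# (program tag "qpopper" is an assumption) with the login text as its full message.
STRICT = re.compile(
    r'[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ qpopper\[\d+\]: ' + LOGIN
)

# Constructed sample log: one genuine POP login, and one SMTP daemon record
# that echoes client-supplied text containing the same login wording.
SAMPLE_LOG = [
    'Jul  9 15:01:02 mail qpopper[1234]: POP login by user "alice" '
    'at (client.example.net) 192.0.2.10',
    'Jul  9 15:03:44 mail sendmail[1301]: PAA01301: <POP login by user "x" '
    'at (x) 203.0.113.66>... User unknown',
]


def naive_relay_ips(lines):
    """Return the IPs an unanchored matcher would add to the relay table."""
    return [m.group(1) for line in lines if (m := NAIVE.search(line))]


def strict_relay_ips(lines):
    """Return IPs only from complete POP daemon records with a valid address."""
    ips = []
    for line in lines:
        m = STRICT.fullmatch(line.rstrip("\n"))
        if not m:
            continue  # wrong program tag, or extra text around the login message
        try:
            ips.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            continue  # e.g. an octet above 255
    return ips


if __name__ == "__main__":
    print("naive :", naive_relay_ips(SAMPLE_LOG))
    print("strict:", strict_relay_ips(SAMPLE_LOG))
```

Comparing the two result lists over the same log window shows which relay-table entries came from records the POP daemon did not write.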
