[Please upgrade if you use Postfix. Vendor packages should be coming out in a few days -- Raju]
This is an RFC 1153 digest. (1 message)
----------------------------------------------------------------------

From: [EMAIL PROTECTED] (Wietse Venema)
To: [EMAIL PROTECTED]
Subject: Postfix session log memory exhaustion bugfix
Date: Wed, 14 Nov 2001 23:08:04 -0500 (EST)

The Postfix SMTP server maintains a record of SMTP conversations for debugging purposes. Depending on local configuration details this record is mailed to the postmaster whenever an SMTP session terminates with errors.

During code maintenance, a stupid error was introduced into the code due to which the SMTP session log could grow to an unreasonable size. This stupid error made Postfix vulnerable to a memory exhaustion attack. This error is all my own fault and I take full responsibility for it.

A similarly stupid memory exhaustion vulnerability was found in the qmail SMTP server more than four years ago. It was never fixed.

The patch below applies to any Postfix release that was issued in the year 2001. Fully patched releases will be made available via the usual web sites listed in www.postfix.org.

Primary site: ftp://ftp.porcupine.org/mirrors/postfix-release/index.html
Releases: snapshot-20011114 postfix-20010228-pl07

Thank you for your attention.
Wietse

*** ./smtpd.c- Sun Oct 28 19:31:14 2001 --- ./smtpd.c Wed Nov 14 22:21:46 2001 *************** *** 1060,1065 **** --- 1060,1077 ---- state->where = SMTPD_AFTER_DOT; /* + * Notify the postmaster if there were errors. This usually indicates a + * client configuration problem, or that someone is trying nasty things. + * Either is significant enough to bother the postmaster. XXX Can't + * report problems when running in stand-alone mode: postmaster notices + * require availability of the cleanup service. + */ + if (state->history != 0 && state->client != VSTREAM_IN + && (state->error_mask & state->notify_mask)) + smtpd_chat_notify(state); + smtpd_chat_reset(state); + + /* * Cleanup. The client may send another MAIL command. */ mail_reset(state);

------------------------------
End of this Digest
******************

-- Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves
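
Review bot: In the block inserted after `state->where = SMTPD_AFTER_DOT;`, the new comment documents only the postmaster notice, while the unconditional `smtpd_chat_reset(state);` that follows it, which is the line that actually bounds the session log, has no comment at all. Suggest adding a sentence to the comment saying that the transcript is always discarded after each message, and that this happens whether or not the `if` condition held. It is also not visible in these lines whether `state->error_mask` is cleared once `smtpd_chat_notify(state)` has run; if it is not, an error from an earlier message could trigger a second notice for later messages in the same session, so that is worth confirming.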
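
An added example of the failure mode the advisory describes, not code from Postfix or from the original message: a per-session transcript that is freed only at session end grows with every mail transaction, while resetting it after each message, as the patch's `smtpd_chat_reset()` call does, keeps its peak size constant. The struct, the function names and the sample SMTP lines are constructed for this example, and it assumes the growth comes from several transactions sharing one session.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-session SMTP transcript; a stand-in, not Postfix's own structure. */
struct chat_history { char **lines; size_t count; size_t bytes; };

static void history_append(struct chat_history *h, const char *line) {
    size_t len = strlen(line) + 1;
    char **grown = realloc(h->lines, (h->count + 1) * sizeof(*grown));
    char *copy = malloc(len);
    if (grown == NULL || copy == NULL) abort();
    memcpy(copy, line, len);
    h->lines = grown;
    h->lines[h->count++] = copy;
    h->bytes += len;
}

static void history_reset(struct chat_history *h) {
    for (size_t i = 0; i < h->count; i++) free(h->lines[i]);
    free(h->lines);
    *h = (struct chat_history){0};
}

/* Constructed sample: transcript lines added by one mail transaction. */
static const char *const transaction[] = {
    "In:  MAIL FROM:<sender@example.com>", "Out: 250 Ok",
    "In:  RCPT TO:<rcpt@example.com>", "Out: 250 Ok",
    "In:  DATA", "Out: 354 End data with <CR><LF>.<CR><LF>", "Out: 250 Ok",
};

/* Peak transcript size for one session carrying `messages` transactions.
 * reset_after_message models the reset the patch adds after end of DATA. */
static size_t peak_history_bytes(int messages, int reset_after_message) {
    struct chat_history h = {0};
    size_t peak = 0;
    for (int m = 0; m < messages; m++) {
        for (size_t i = 0; i < sizeof(transaction) / sizeof(transaction[0]); i++)
            history_append(&h, transaction[i]);
        if (h.bytes > peak) peak = h.bytes;
        if (reset_after_message) history_reset(&h);
    }
    history_reset(&h);          /* session ends */
    return peak;
}

int main(void) {
    printf("freed only at session end: %zu bytes\n", peak_history_bytes(10000, 0));
    printf("reset after each message:  %zu bytes\n", peak_history_bytes(10000, 1));
    return 0;
}
```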
