- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- sendmail " header field (possible attack)"
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-21-2003 04:42 PM
тАО04-21-2003 04:42 PM
header field (possible attack)
Apr 21 19:31:08 lvapp13 sendmail[22238]: h3M0V76s022229: Fixed MIME Content-Type
header field (possible attack)
Apr 21 19:34:31 lvapp13 sendmail[24426]: h3M0YT6s024412: Fixed MIME Content-Type
header field (possible attack)
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-21-2003 04:43 PM
тАО04-21-2003 04:43 PM
Re: sendmail " header field (possible attack)"
I hit enter too fast.
I am seeing the above error in my syslog.
I an running sendmail 8.12.9 from source. I have not been able to find anything on sendmail.org about that error. Would any here happend to know what it mans?
Thanks
Richard
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-21-2003 06:03 PM
тАО04-21-2003 06:03 PM
Re: sendmail " header field (possible attack)"
It looks like sendmail used to have a bug during MIME
conversions which could allow the stack to be overwritten,
causing a buffer overflow and possible root priviliges for
an attacker. The newer versions of sendmail have been patched
to stop the MIME header attack and to warn you about possible
attacks. I'd suggest trying to look at the messages that
were coming in to see who they were from and what they
might have been sending you.
Take a look at this link:
http://lists.suse.com/archive/suse-security/2001-Feb/0297.html
JP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-22-2003 07:04 AM
тАО04-22-2003 07:04 AM
Re: sendmail " header field (possible attack)"
I am using 8.12.9
and I is supposed to be patched for everything.
Richard
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-22-2003 08:01 AM
тАО04-22-2003 08:01 AM
Re: sendmail " header field (possible attack)"
I don't think it is a problem with not having a patch in your sendmail, it is just the opposite. You do have the patch in your sendmail and it is catching the bad MIME headers for you, and reporting it to your syslog.
I guess the real trick is to figure out what the bad headers are, and also who is sending them and why.
JP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-22-2003 10:45 AM
тАО04-22-2003 10:45 AM
Solutioncharacters beyond the 256th could be written to memory. If those characters
contained executable code, it was possible to run a program of some sort.
Your sendmail truncated the header to 256 characters.
Berlene
(Tks Tony)