[ISN] Sendmail posts fix for email glitch

From: mea culpa <jericho_at_dimensional.com>
Date: Thu 13 Aug 1998 - 02:31:03 CDT
Forwarded From: "Prosser, Mike" <Mike_Prosser@tds.com>

[If you are running Sendmail 8.9.1, this might interest you.  Supposedly
 a pre-emptive fix to the long file name problem in mail handlers
 -mike]

Sendmail posts fix for email glitch 
By Randy Weston <mailto:randyw@cnet.com>
Staff Writer, CNET NEWS.COM
August 11, 1998, 11:25 a.m. PT 

The slew of email program security holes found in recent weeks is
prompting one of the leading makers of server-based routing software to
develop its own solution to the problem. 

Sendmail <http://www.sendmail.com/> in Emeryville, California, is to post
today a patch that can be installed on its email server software,
preventing companies from having to undergo the laborious task of
installing patches on sometimes thousands of PCs spread out around a
company. 

The patch cures security holes </News/Item/0,4,24668,00.html> that
currently affect Netscape Communications' <http://www.netscape.com/>
Communicator email system and Microsoft's <http://www.microsoft.com/>
Outlook and Outlook Express email software.

While the security flaw is not in the server software, Sendmail began
developing the server-based patch at the urging of the nonprofit Computer
Emergency Response Team <http://www.cert.org/>, or CERT. The organization
is based at Carnegie Mellon University <http://www.cmu.edu/> and focuses
on Internet security issues. According to Sendmail executives, the patch
they developed truncates long headers before they arrive in end users'
mailboxes based on the setting of a new option.

The "long file name" security glitch affects the way email clients handle
file attachments with extremely long file names. When a user attempts to
download, open, or launch a file attachment that has a name greater than
200 characters in length, the action might cause the email software to
crash. At that point, a skilled hacker could possibly run arbitrary code
in the computer's memory, according to a security bulletin posted recently
by Microsoft.

The patch, which is available for free, is for Version 8.9.1 of Sendmail's
email routing system. Users can find the patch at Sendmail's Web site
<http://www.sendmail.com/sendmail.8.9.1a.html>.


-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
Received on Thu Aug 13 09:28:31 1998