From owner-freebsd-security Mon Feb 1 11:19:57 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA01829 for freebsd-security-outgoing; Mon, 1 Feb 1999 11:19:57 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [130.126.8.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA01824 for ; Mon, 1 Feb 1999 11:19:55 -0800 (PST) (envelope-from igor@alecto.physics.uiuc.edu) Received: (from igor@localhost) by alecto.physics.uiuc.edu (8.9.0/8.9.0) id NAA03752; Mon, 1 Feb 1999 13:19:50 -0600 (CST) From: Igor Roshchin Message-Id: <199902011919.NAA03752@alecto.physics.uiuc.edu> Subject: Re: Sendmail- headers In-Reply-To: from "Jung, Michael" at "Feb 1, 1999 12:33:10 pm" To: mjung@npc.net (Jung Michael) Date: Mon, 1 Feb 1999 13:19:49 -0600 (CST) Cc: igor@physics.uiuc.edu, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org No, it didn't happen in the message itself. In the headers only. Also, we don't have Cisco Firewall. Thanks, anyway. Igor > Does this ever happen elsewhere in the message? > > If si and you have a Cisco PIX firewall this is a known problem using > the > "mailhost" statement. If so look at cisco's site for a resolution. > > We had this exact problem a while back > > --mikej > Michael Jung > mjung@npc.net > > >-----Original Message----- > >From: Igor Roshchin [SMTP:igor@physics.uiuc.edu] > >Sent: Friday, January 29, 1999 5:30 PM > >To: security@FreeBSD.ORG > >Subject: Sendmail- headers > > > > > >Hello! > > > >Sorry, if I am asking about some which has been stated clearly. > >I just looked in the archives and haven't found the clear answer. > > > >This week I've received two messages which indicate an attempt > >of the header overflow (I think) in the sendmail. > >Remembering some discussion recently on one of the lists, > >I am not sure if this overflow can result in any break in > >or just might cause identity forgering (so, to prevent identification > >of the sender and/or his host) ? > > > >I am running Sendmail 8.8.5/8.7.3 on a 2.1.7.1 -> 2.1-STABLE > >Yes, I know it's outdated and the upgrade is pending, > >but I am concerned if there was a break in this way, and whether I should > >worry about detection of any traces of it. > > > >The headers are: > > > > > >Return-Path: aho@aho.ne > >Received: from > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >xxx > >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > >Date: Fri, 29 Jan 1999 08:50:44 -0500 (EST) > >From: aho@aho.ne > >Message-Id: <199901291350.IAA10527@MYHOST.CHANGED.BY.ME.FOR.SECURITY.REASONS> > >To: kei37@geocities.co.jp > >Subject: test > >X-Mailer: Microsoft Outlook Express 4.72.2106 > > > > > > > >Thanks, > > > >Igor > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message