[FUGSPBR] Postfix

Jean Milanez Melo jmelo at bsd.com.br
Mon Dec 10 13:27:48 BRST 2001


Apply the patch and be happy. :)

Regards
Jean Milanez Melo
Network/System Administrator
FreeBSD The Power To Serve


On Sun, 9 Dec 2001, Vinis wrote:

> Look at this. What do you think?!
> 
> To: BugTraq
> Subject: Postfix session log memory exhaustion bugfix
> Date: Nov 14 2001 10:08PM
> Author: Wietse Venema <wietse at porcupine.org>
> Message-ID: <20011115040804.6A743C1DEE at tail.porcupine.org>
>
> The Postfix SMTP server maintains a record of SMTP conversations
> for debugging purposes. Depending on local configuration details
> this record is mailed to the postmaster whenever an SMTP session
> terminates with errors.
>
> During code maintenance, a stupid error was introduced into the
> code due to which the SMTP session log could grow to an unreasonable
> size. This stupid error made Postfix vulnerable to a memory
> exhaustion attack.
>
> This error is all my own fault and I take full responsibility for
> it. A similarly stupid memory exhaustion vulnerability was found in
> the qmail SMTP server more than four years ago. It was never fixed.
>
> The patch below applies to any Postfix release that was issued in
> the year 2001. Fully patched releases will be made available via
> the usual web sites listed in www.postfix.org.
>
> Primary site: ftp://ftp.porcupine.org/mirrors/postfix-release/index.html
> Releases: snapshot-20011114 postfix-20010228-pl07
>
> Thank you for your attention.
> Wietse *** ./smtpd.c-Sun Oct 28 19:31:14 2001
> --- ./smtpd.cWed Nov 14 22:21:46 2001
> ***************
> *** 1060,1065 ****
> --- 1060,1077 ----
>       state->where = SMTPD_AFTER_DOT;
>  
>       /*
> +      * Notify the postmaster if there were errors. This usually
> indicates a
> +      * client configuration problem, or that someone is trying nasty
> things.
> +      * Either is significant enough to bother the postmaster. XXX Can't
> +      * report problems when running in stand-alone mode: postmaster
> notices
> +      * require availability of the cleanup service.
> +      */
> +     if (state->history != 0 && state->client != VSTREAM_IN
> + && (state->error_mask & state->notify_mask))
> + smtpd_chat_notify(state);
> +     smtpd_chat_reset(state);
> +
> +     /*
>        * Cleanup. The client may send another MAIL command.
>        */
>       mail_reset(state);
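
Review bot: the comment added before the `if` documents only the postmaster notification, while the unconditional `smtpd_chat_reset(state);` that follows it has no comment, although it is the line that discards the accumulated session record once a message has been accepted. A sentence in the comment saying that the history is reset here so the session log cannot keep growing across messages would make the purpose of the fix clear to later maintainers. Also, `smtpd_chat_notify(state)` is guarded by `state->history != 0` but the reset is not, so it is worth confirming that `smtpd_chat_reset()` accepts a state with no history, for example in the stand-alone mode the comment mentions.
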
> ----
> To leave the list, send an e-mail to majordomo at fugspbr.org
> with the words "unsubscribe fugspbr" in the message body.
> 
> 
