[FUGSPBR] Postfix
Jean Milanez Melo
jmelo at bsd.com.br
Mon Dec 10 13:27:48 BRST 2001
Apply the patch and be happy. :)
Regards,
Jean Milanez Melo
Network/System Administrator
FreeBSD The Power To Serve
On Sun, 9 Dec 2001, Vinis wrote:
> Look at this. What do you think?!
>
> To: BugTraq
> Subject: Postfix session log memory exhaustion bugfix
> Date: Nov 14 2001 10:08PM
> Author: Wietse Venema <wietse at porcupine.org>
> Message-ID: <20011115040804.6A743C1DEE at tail.porcupine.org>
>
> The Postfix SMTP server maintains a record of SMTP conversations
> for debugging purposes. Depending on local configuration details
> this record is mailed to the postmaster whenever an SMTP session
> terminates with errors.
>
> During code maintenance, a stupid error was introduced into the
> code due to which the SMTP session log could grow to an unreasonable
> size. This stupid error made Postfix vulnerable to a memory
> exhaustion attack.
>
> This error is all my own fault and I take full responsibility for
> it.
>
> A similarly stupid memory exhaustion vulnerability was found in
> the qmail SMTP server more than four years ago. It was never fixed.
>
> The patch below applies to any Postfix release that was issued in
> the year 2001. Fully patched releases will be made available via
> the usual web sites listed in www.postfix.org.
>
> Primary site: ftp://ftp.porcupine.org/mirrors/postfix-release/index.html
> Releases: snapshot-20011114 postfix-20010228-pl07
>
> Thank you for your attention.
>
> Wietse *** ./smtpd.c-Sun Oct 28 19:31:14 2001
> --- ./smtpd.cWed Nov 14 22:21:46 2001
> ***************
> *** 1060,1065 ****
> --- 1060,1077 ----
> state->where = SMTPD_AFTER_DOT;
>
> /*
> + * Notify the postmaster if there were errors. This usually
> indicates a
> + * client configuration problem, or that someone is trying nasty
> things.
> + * Either is significant enough to bother the postmaster. XXX Can't
> + * report problems when running in stand-alone mode: postmaster
> notices
> + * require availability of the cleanup service.
> + */
> + if (state->history != 0 && state->client != VSTREAM_IN
> + && (state->error_mask & state->notify_mask))
> + smtpd_chat_notify(state);
> + smtpd_chat_reset(state);
> +
> + /*
> * Cleanup. The client may send another MAIL command.
> */
> mail_reset(state);
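Review bot: the new comment block documents only the postmaster notice, while the unconditional smtpd_chat_reset(state); after the if is left unexplained. That call sits outside the brace-less if, so it runs after every message whether or not a notice was sent, and going by the advisory text it is the line that keeps the session record from growing. I would add a sentence to the comment saying the history is discarded after each message and why, so a later cleanup does not fold the reset into the conditional or drop it as redundant next to mail_reset(state).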
> Copyright © 1999-2001 SecurityFocus
>
> ----
> To leave the list, send an e-mail to majordomo at fugspbr.org
> with the words "unsubscribe fugspbr" in the message body.
>
More details about the freebsd discussion list
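The failure mode described in the quoted advisory, as an added C example that is not Postfix code and not part of either message: a per-session transcript that is only freed at disconnect grows with every message sent over one connection, while resetting it after each message keeps the peak at one transaction. The names `struct session`, `history_append`, `history_reset` and `simulate_session` are hypothetical, and the SMTP dialogue is constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-session transcript; not Postfix's own data structure. */
struct session {
    char  **history;   /* recorded protocol lines */
    size_t  count;     /* lines currently held */
    size_t  peak;      /* high-water mark of count */
};

static void history_append(struct session *s, const char *line)
{
    size_t len = strlen(line) + 1;
    char **grown = realloc(s->history, (s->count + 1) * sizeof(char *));
    char *copy = malloc(len);
    if (grown == NULL || copy == NULL)
        abort();
    memcpy(copy, line, len);
    s->history = grown;
    s->history[s->count++] = copy;
    if (s->count > s->peak)
        s->peak = s->count;
}

static void history_reset(struct session *s)
{
    for (size_t i = 0; i < s->count; i++)
        free(s->history[i]);
    free(s->history);
    s->history = NULL;
    s->count = 0;
}

/* Replay `messages` mail transactions on one connection and return the
 * largest number of transcript lines held in memory at any moment. */
size_t simulate_session(size_t messages, int reset_after_message)
{
    static const char *const transaction[] = {  /* constructed sample dialogue */
        "MAIL FROM:<a@example.com>", "250 Ok", "RCPT TO:<b@example.com>",
        "250 Ok", "DATA", "354 End data with <CR><LF>.<CR><LF>", "250 Ok: queued",
    };
    struct session s = { NULL, 0, 0 };

    for (size_t m = 0; m < messages; m++) {
        for (size_t i = 0; i < sizeof(transaction) / sizeof(transaction[0]); i++)
            history_append(&s, transaction[i]);
        if (reset_after_message)
            history_reset(&s);   /* same position as the reset in the patch */
    }
    history_reset(&s);           /* end of session */
    return s.peak;
}
```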