![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Fri, 21 Jul 2000 18:08:33 +0200
From: Koos van den Hout <koos@KZDOOS.XS4ALL.NL>
Subject: Sendmail filter rule to stop Outlook exploit
To: BUGTRAQ@SECURITYFOCUS.COM
Also on http://www.cetis.hvu.nl/~koos/outlookoverflow.txt
with tabs in the right places :)
#
# this is a filter to make sendmail reject messages with Date: headers
# that are too long. This is used in the latest Outlook exploit.
#
# You NEED:
# - a sendmail that understands regex maps. I had to specially compile this
# into 8.11 ! Add to sendmail-8.11.0/devtools/Site/site.config.m4
# define(`confMAPDEF',`-DMAP_REGEX') and rebuild from scratch
#
# The filter simply rejects messages with a date header longer (total!)
# then 60 chars
#
# Then add this part to your .mc file in the different areas and regenerate
# your .cf file
#
# 2000-07-21 Originally written
#
# if you cut and paste this:
# tabs are in use in the '^R' lines
#
# Koos van den Hout
# http://www.cetis.hvu.nl/~koos/
# http://www.virtualbookcase.com/
#
LOCAL_CONFIG
Klinetoolong regex -a@MATCH ^.{60,}$
LOCAL_RULESETS
HDate: $>+CheckDate
SCheckDate
R$* $: $(linetoolong $1 $)
R@MATCHi $#error $: 553 Date Header too long error
R$*i $@ OK
--
Koos van den Hout, PGP keyid RSA/1024 0xCA845CB5 via keyservers
koos@kzdoos.xs4all.nl or DSS/1024 0xF0D7C263 -?)
Fax +31-30-2817051 Visit my site about books with reviews /\\
http://www.cetis.hvu.nl/~koos/ http://www.virtualbookcase.com/ _\_V