Your message dated Sun, 11 Feb 2001 15:05:29 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#66595: fixed in smail 3.2.0.111-6 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Darren Benham
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 1 Jul 2000 22:40:35 +0000
>From [EMAIL PROTECTED] Sat Jul 01 17:40:35 2000
Return-path: <[EMAIL PROTECTED]>
Received: from gw5a61-d245.wind.it (penny.ik5pvx.ampr.org) [212.141.89.245] (root)
        by master.debian.org with esmtp (Exim 3.12 2 (Debian))
        id 138VwA-0000wH-00; Sat, 01 Jul 2000 17:40:35 -0500
Received: by penny.ik5pvx.ampr.org
        via sendmail from stdin
        id <[EMAIL PROTECTED]> (Debian Smail3.2.0.102)
        for [EMAIL PROTECTED]; Sun, 2 Jul 2000 00:40:04 +0200 (CEST)
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: smail 3.2.0.102-2 DOS vulnerability
Reply-To: Pierfrancesco Caci <[EMAIL PROTECTED]>
From: Pierfrancesco Caci <[EMAIL PROTECTED]>
Date: 02 Jul 2000 00:40:04 +0200
Message-ID: <[EMAIL PROTECTED]>
Lines: 55
User-Agent: Gnus/5.0803 (Gnus v5.8.3) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]

Package: smail
Version: 3.2.0.102-2
Severity: critical

Hi there, some very bad news here:

after reading in www.securityfocus.com of a DOS attack for Windows
2000 I just thought that before starting to laugh after Windows users,
better check that we're not vulnerable ourselves.

Here is what I did:

[EMAIL PROTECTED]:~ # nc localhost 25 < /dev/zero

I could see in top that smail (version 3.2.0.102-2 as contained in
current Potato archives) was eating lots and lots of memory. At the
end the machine died without leaving traces in the logs whatsoever.
The only trace in the logs is in daemon.log:

Jul 2 00:09:18 penny in.smtpd[21779]: connect from localhost

and that's all.

I would have expected:

1) smail drops the connection after receiving n ( 100 < n < 1000 )
   bytes without a valid command
2) smail can't eat all memory (my fault, I could have set a ulimit,
   but install script should suggest a good one to beginners)
3) kernel recognizes runaway process and terminates it (ok ok, I'm
   dreaming).

Configuration files for smail, ipchains or any other which may be of
interest available on request

[EMAIL PROTECTED]:~ # uname -a
Linux penny 2.4.0-test2 #1 Sat Jun 24 11:38:05 CEST 2000 i686 unknown
[EMAIL PROTECTED]:~ # ls -l /lib/libc.so.6
lrwxrwxrwx 1 root root 13 May 10 22:42 /lib/libc.so.6 -> libc-2.1.3.so

In the next days I'll try other tcp and udp ports to see if they're
susceptible to the same kind of DOS attack

Regards,

Pf

--
-------------------------------------------------------------------------------
Pierfrancesco Caci | ik5pvx | mailto:[EMAIL PROTECTED] - http://gusp.infogroup.it
Firenze - Italia | Office for the Complication of Otherwise Simple Affairs
Linux penny 2.4.0-test2 #1 Sat Jun 24 11:38:05 CEST 2000 i686 unknown

---------------------------------------
Received: (at 66595-close) by bugs.debian.org; 11 Feb 2001 20:15:58 +0000
>From [EMAIL PROTECTED] Sun Feb 11 14:15:56 2001
Return-path: <[EMAIL PROTECTED]>
Received: from auric.debian.org [::ffff:206.246.226.45]
        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
        id 14S2uZ-0007s0-00; Sun, 11 Feb 2001 14:15:55 -0600
Received: from troup by auric.debian.org with local (Exim 3.12 1 (Debian))
        id 14S2kT-0003tv-00; Sun, 11 Feb 2001 15:05:29 -0500
From: Hector Garcia <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#66595: fixed in smail 3.2.0.111-6
Message-Id: <[EMAIL PROTECTED]>
Sender: James Troup <[EMAIL PROTECTED]>
Date: Sun, 11 Feb 2001 15:05:29 -0500
Delivered-To: [EMAIL PROTECTED]

We believe that the bug you reported is fixed in the latest
version of smail, which has been installed in the Debian FTP archive:

smail_3.2.0.111-6.dsc
  to pool/main/s/smail/smail_3.2.0.111-6.dsc
smail_3.2.0.111-6_i386.deb
  to pool/main/s/smail/smail_3.2.0.111-6_i386.deb
smail_3.2.0.111-6.diff.gz
  to pool/main/s/smail/smail_3.2.0.111-6.diff.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hector Garcia <[EMAIL PROTECTED]> (supplier of updated smail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 10 Feb 2001 20:15:45 +0100
Source: smail
Binary: smail
Architecture: source i386
Version: 3.2.0.111-6
Distribution: unstable
Urgency: low
Maintainer: Hector Garcia <[EMAIL PROTECTED]>
Changed-By: Hector Garcia <[EMAIL PROTECTED]>
Description:
 smail - Electronic mail transport system.
Closes: 66595 69165 82202
Changes:
 smail (3.2.0.111-6) unstable; urgency=low
 .
   * Adopted the package. (closes: #82202)
   * Fixed DOS bug. Didn't send patch to upstream author yet because I
     cannot contact him. Now only accepts a maximum of 1024 bytes as
     stated by RFC-1869. (closes: #66595)
   * Making use of function available for current libident. (closes: #69165)
   * Now uses dpkg-statoverride instead of dh_suidregister.
Files:
 abf9ff5c54e18754e7f420497ae6255f 675 mail extra smail_3.2.0.111-6.dsc
 583d47adddce43a9d4adf3e80b9d1b43 61207 mail extra smail_3.2.0.111-6.diff.gz
 147d3cab88c1749bf06d02a1c0dc8fda 515672 mail extra smail_3.2.0.111-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6htnfMwsDi2xjdG0RAoFtAKCjqhS6BsXyng5tUAn+rJHJVOMvEwCg+uKC
vDSf0F4ZSs5WEZE7ztw45Lc=
=woFB
-----END PGP SIGNATURE-----
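
Added example, not part of the original report and not the smail patch (which this page does not show): one way to get the behaviour the reporter expected and the changelog describes, a fixed 1024-byte buffer per SMTP command line, with the connection dropped once the limit is reached without a line feed. The names feed_bytes, run_session and SMTP_LINE_MAX, and the choice to count the line terminator inside the 1024 bytes, are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define SMTP_LINE_MAX 1024   /* the limit named in the 3.2.0.111-6 changelog */

enum feed_status { FEED_NEED_MORE, FEED_LINE, FEED_TOO_LONG };

/* Fixed-size buffer: per-connection memory cannot grow with the input. */
struct line_buf { char data[SMTP_LINE_MAX + 1]; size_t len; };

/* Copy bytes from one read into the buffer; stop at LF or at the limit. */
enum feed_status feed_bytes(struct line_buf *lb, const char *in, size_t n, size_t *used)
{
    *used = 0;
    if (lb->len >= SMTP_LINE_MAX)        /* sticky: caller must close the socket */
        return FEED_TOO_LONG;
    for (size_t i = 0; i < n; i++) {
        lb->data[lb->len++] = in[i];
        *used = i + 1;
        if (in[i] == '\n') { lb->data[lb->len] = '\0'; return FEED_LINE; }
        if (lb->len == SMTP_LINE_MAX) return FEED_TOO_LONG;
    }
    return FEED_NEED_MORE;
}

/* Hypothetical server read loop over a captured stream delivered in chunk-byte
 * reads (chunk > 0). Returns the bytes consumed before the loop ends. */
size_t run_session(const char *s, size_t total, size_t chunk, int *lines, int *dropped)
{
    struct line_buf lb = { .len = 0 };
    size_t off = 0, used;
    *lines = *dropped = 0;
    while (off < total && !*dropped) {
        size_t n = total - off < chunk ? total - off : chunk;
        enum feed_status st = feed_bytes(&lb, s + off, n, &used);
        off += used;
        if (st == FEED_LINE) { (*lines)++; lb.len = 0; }  /* dispatch command here */
        else if (st == FEED_TOO_LONG) *dropped = 1;       /* close the connection */
    }
    return off;
}

int main(void)
{
    static char zeros[65536];                         /* constructed: NUL flood, no LF */
    const char *ok = "EHLO example.org\r\nQUIT\r\n";   /* constructed dialogue */
    int lines, dropped;
    size_t used = run_session(zeros, sizeof zeros, 4096, &lines, &dropped);
    printf("flood: %zu bytes read, dropped=%d\n", used, dropped);
    run_session(ok, strlen(ok), 7, &lines, &dropped);
    printf("dialogue: %d lines, dropped=%d\n", lines, dropped);
}
```

The state kept per connection is the fixed buffer, so a stream that never sends a line feed costs 1024 bytes of reading before the drop, however much the peer is willing to send.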