[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    false alarms by real secure
From:       Danton Nunes <danton () INEXO ! COM ! BR>
Date:       2000-02-29 19:39:04
[Download RAW message or body]

Real secure traps incoming packets on tcp/25 containing certain strings
that suggest a message being directed to a program (to:|something). It
seems not to distinguish between message headers and message contents and
sounds a false alarm when a message or an attachment to a message contains
something like 'mailbox:/c|/some/funny/place'.

it is possible to launch a DoS attack against firewalls with realsecure
just sending a number of e-mails containing the offending pattern. The
message is not delivered, returning to sendmail w/ I/O error. sendmail
requeues and tries again later, making the alarm ring over and over again.

I don't understand why realsecure mistakes normal e-mail text for an
attack against sendmail (most versions are not vulnerable anyway). Amazingly,
this behaviour is documented as a 'feature'.


--
Danton Nunes      |Informática, Consultoria e Serviços de Acesso à Internet
InterNexo Ltda.   |  http://www.inexo.com.br/  mailto:danton@inexo.com.br
S.J.Campos,BRASIL |  PGP: 02 D1 E2 DF 21 EC 48 69 3F D5 4D 1B 5D 73 F4 B5

[prev in list] [next in list] [prev in thread] [next in thread]