Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



This was just posted on the Postfix list. Centos 7 ships with: postfix-2.10.1-6.el7

Has this cert advisory been applied to the Centos build of Postfix?

thank you


-------- Forwarded Message --------
Subject: 	Obsolete NSA exploit for Postfix 2.0 - 2.2
Date: 	Sun, 9 Apr 2017 16:18:06 -0400 (EDT)
From: 	Wietse Venema <wietse@xxxxxxxxxxxxx>
To: 	Postfix users <postfix-users@xxxxxxxxxxx>
CC: 	Postfix announce <postfix-announce@xxxxxxxxxxx>



A recent twitter post reveals the existence of an exploit for Postfix,
in a collection of what appear to be NSA tools.

https://twitter.com/JulianAssange/status/850870683831648256

This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed
11 years ago in Postfix 2.2.11 and later.

There was a memory corruption bug in a Postfix workaround for a
Sendmail bug (CERT advisory CA-2003-07, remote buffer overflow when
message headers contain lots of comment text before an email address).

Technical details: the Postfix strip_address() function, which
removes large comments from a mail header, called the printable()
function on a string that wasn't null-terminated. This caused the
printable() function to scribble past the end of malloc()ed memory,
corrupting the memory heap.

Running the exploit against Postfix versions less than 11 years old
results in odd-looking email messages in the super-user's mailbox,
and warning messages in the maillog file (warning: stripping too
many comments from address: <long character string>).

	Wietse

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux