From owner-bugtraq@fc.net Fri May 19 11:20:20 1995 Return-Path: From: Nathan Lawson Message-Id: <199505180902.CAA28770@statler.calpoly.edu> Subject: Re: Don't want to replace IDA sendmail To: pwh@bradley.bradley.edu (Pete Hartman) Date: Thu, 18 May 1995 02:02:54 -0700 (PDT) Cc: bugtraq@fc.net In-Reply-To: <9505180555.AA01968@bradley.bradley.edu> from "Pete Hartman" at May 18, 95 00:55:37 am X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 925 Sender: owner-bugtraq@fc.net Precedence: queue Status: OR > So does anyone know exactly what the problem is? The 8lgm report is > (sadly) too vague to be of much use. I believe this advisory refers to newlines in the From part of a message. By specifying sendmail -F, a user can supply a string as the From name for a message. This string could be any nasty sequence of characters and if the mail was queued (i.e. the host was down), the next queue run would activate the modified file. > Could I maybe patch IDA so I don't > have to worry about the port to V8 right now (I was going to get around to > it, but haven't had and don't have the time....)? You could patch the input routines to only take alphanumeric and a small subset of punctuation characters as input. -- Nathan Lawson \ Never let your schooling interfere with your education. CSL 490/News Admin \ (805)756-7180 @Work \ "The steady state of disks is full." -- Ken Thompson ---------------------