
Bug#66595: marked as done (smail 3.2.0.102-2 DOS vulnerability)



Your message dated Sun, 11 Feb 2001 15:05:29 -0500
with message-id <E14S2kT-0003tv-00@auric.debian.org>
and subject line Bug#66595: fixed in smail 3.2.0.111-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Darren Benham
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 1 Jul 2000 22:40:35 +0000
>From ik5pvx@penny.ik5pvx.ampr.org Sat Jul 01 17:40:35 2000
Return-path: <ik5pvx@penny.ik5pvx.ampr.org>
Received: from gw5a61-d245.wind.it (penny.ik5pvx.ampr.org) [212.141.89.245] (root)
	by master.debian.org with esmtp (Exim 3.12 2 (Debian))
	id 138VwA-0000wH-00; Sat, 01 Jul 2000 17:40:35 -0500
Received: by penny.ik5pvx.ampr.org
	via sendmail from stdin
	id <m138Vvg-000AeFC@penny.ik5pvx.ampr.org> (Debian Smail3.2.0.102)
	for submit@bugs.debian.org; Sun, 2 Jul 2000 00:40:04 +0200 (CEST) 
To: submit@bugs.debian.org
Cc: massimo@gusp.infogroup.it f.dinitto@seabone.net 
Subject: smail  3.2.0.102-2 DOS vulnerability
Reply-To: Pierfrancesco Caci <p.caci@tin.it>
From: Pierfrancesco Caci <ik5pvx@penny.ik5pvx.ampr.org>
Date: 02 Jul 2000 00:40:04 +0200
Message-ID: <87lmzllbjv.fsf@penny.ik5pvx.ampr.org>
Lines: 55
User-Agent: Gnus/5.0803 (Gnus v5.8.3) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: submit@bugs.debian.org


Package: smail
Version: 3.2.0.102-2
Severity: critical

Hi there, some very bad news here:

after reading on www.securityfocus.com of a DOS attack for Windows
2000 I just thought that before starting to laugh at Windows users,
better check that we're not vulnerable ourselves.

Here is what I did:

root@penny:~ # nc localhost 25 < /dev/zero

I could see in top that smail (version 3.2.0.102-2 as contained in
current Potato archives) was eating lots and lots of memory. At the
end the machine died without leaving traces in the logs whatsoever.

The only trace in the logs is in daemon.log:
 Jul  2 00:09:18 penny in.smtpd[21779]: connect from localhost

and that's all.

I would have expected:
1) smail drops the connection after receiving n ( 100 < n < 1000 )
        bytes without a valid command
2) smail can't eat all memory (my fault, I could have set a ulimit,
        but install script should suggest a good one to beginners)
3) kernel recognizes runaway process and terminates it (ok ok, I'm
        dreaming).

Configuration files for smail, ipchains or any other which may be of
interest available on request

root@penny:~ # uname -a
Linux penny 2.4.0-test2 #1 Sat Jun 24 11:38:05 CEST 2000 i686 unknown

root@penny:~ # ls -l /lib/libc.so.6
lrwxrwxrwx    1 root     root  13 May 10 22:42 /lib/libc.so.6 -> libc-2.1.3.so


In the next days I'll try other tcp and udp ports to see if they're
susceptible to the same kind of DOS attack

Regards,
Pf


-- 

-------------------------------------------------------------------------------
 Pierfrancesco Caci | ik5pvx | mailto:p.caci@tin.it - http://gusp.infogroup.it
  Firenze - Italia  | Office for the Complication of Otherwise Simple Affairs 
     Linux penny 2.4.0-test2 #1 Sat Jun 24 11:38:05 CEST 2000 i686 unknown

---------------------------------------
Received: (at 66595-close) by bugs.debian.org; 11 Feb 2001 20:15:58 +0000
>From troup@auric.debian.org Sun Feb 11 14:15:56 2001
Return-path: <troup@auric.debian.org>
Received: from auric.debian.org [::ffff:206.246.226.45] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 14S2uZ-0007s0-00; Sun, 11 Feb 2001 14:15:55 -0600
Received: from troup by auric.debian.org with local (Exim 3.12 1 (Debian))
	id 14S2kT-0003tv-00; Sun, 11 Feb 2001 15:05:29 -0500
From: Hector Garcia <hector@scouts-es.org>
To: 66595-close@bugs.debian.org
Subject: Bug#66595: fixed in smail 3.2.0.111-6
Message-Id: <E14S2kT-0003tv-00@auric.debian.org>
Sender: James Troup <troup@auric.debian.org>
Date: Sun, 11 Feb 2001 15:05:29 -0500
Delivered-To: 66595-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
smail, which has been installed in the Debian FTP archive:

smail_3.2.0.111-6.dsc
  to pool/main/s/smail/smail_3.2.0.111-6.dsc
smail_3.2.0.111-6_i386.deb
  to pool/main/s/smail/smail_3.2.0.111-6_i386.deb
smail_3.2.0.111-6.diff.gz
  to pool/main/s/smail/smail_3.2.0.111-6.diff.gz
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 66595@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hector Garcia <hector@scouts-es.org> (supplier of updated smail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 10 Feb 2001 20:15:45 +0100
Source: smail
Binary: smail
Architecture: source i386
Version: 3.2.0.111-6
Distribution: unstable
Urgency: low
Maintainer: Hector Garcia <hector@scouts-es.org>
Changed-By: Hector Garcia <hector@scouts-es.org>
Description: 
 smail      - Electronic mail transport system.
Closes: 66595 69165 82202
Changes: 
 smail (3.2.0.111-6) unstable; urgency=low
 .
   * Adopted the package. (closes: #82202)
   * Fixed DOS bug. Didn't send patch to upstream author yet because I cannot
     contact him. Now only accepts a maximum of 1024 bytes as stated
     by RFC-1869. (closes: #66595)
   * Making use of function available for current libident. (closes: #69165)
   * Now uses dpkg-statoverride instead of dh_suidregister.
Files: 
 abf9ff5c54e18754e7f420497ae6255f 675 mail extra smail_3.2.0.111-6.dsc
 583d47adddce43a9d4adf3e80b9d1b43 61207 mail extra smail_3.2.0.111-6.diff.gz
 147d3cab88c1749bf06d02a1c0dc8fda 515672 mail extra smail_3.2.0.111-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6htnfMwsDi2xjdG0RAoFtAKCjqhS6BsXyng5tUAn+rJHJVOMvEwCg+uKC
vDSf0F4ZSs5WEZE7ztw45Lc=
=woFB
-----END PGP SIGNATURE-----
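
Added example, not code from smail or from either message in this thread: a minimal sketch of the kind of bound the changelog describes, where each SMTP command line is collected in a fixed 1024-byte buffer and the session is refused once a line exceeds it. The names guard_feed, line_guard and bytes_until_drop are hypothetical, and the NUL-byte input is constructed to mimic the /dev/zero stream from the report.

```c
#include <stdio.h>
#include <string.h>

#define SMTP_LINE_MAX 1024   /* cap named in the changelog, CRLF included */

enum feed_result { FEED_OK, FEED_LINE_TOO_LONG };

struct line_guard {
    char   buf[SMTP_LINE_MAX]; /* fixed storage: memory use cannot grow */
    size_t used;               /* bytes held for the current unfinished line */
    size_t lines;              /* complete command lines seen so far */
};

/* Feed one chunk exactly as read()/recv() returned it. */
enum feed_result guard_feed(struct line_guard *g, const char *data, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (g->used == SMTP_LINE_MAX)
            return FEED_LINE_TOO_LONG;  /* caller answers 500 and closes */
        g->buf[g->used++] = data[i];
        if (data[i] == '\n') {          /* end of line: dispatch and reset */
            g->lines++;
            g->used = 0;
        }
    }
    return FEED_OK;
}

/* Constructed input: `total` NUL bytes in chunks of up to 4096, like
 * /dev/zero. Returns the bytes accepted before the peer is dropped. */
size_t bytes_until_drop(size_t total)
{
    struct line_guard g = { .used = 0, .lines = 0 };
    char chunk[4096];
    size_t fed = 0;
    memset(chunk, 0, sizeof chunk);
    while (fed < total) {
        size_t n = total - fed < sizeof chunk ? total - fed : sizeof chunk;
        if (guard_feed(&g, chunk, n) == FEED_LINE_TOO_LONG)
            return fed + SMTP_LINE_MAX;
        fed += n;
    }
    return fed;
}

int main(void)
{
    printf("dropped after %zu bytes\n", bytes_until_drop(1u << 20));
    return 0;
}
```

Because the buffer is a fixed array, a peer that never sends a newline costs at most 1024 bytes per connection, whatever it sends afterwards.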


