In message <199502230035.AA26027@charybda.sovam.com>, "Igor V. Semenyuk" <iga@sovam.com> writes:

> Does anybody know details of the security hole(s) in 8.6.9 fixed
> in 8.6.10?
>
> Is IDA sendmail vulnerable to these attacks?

I've had a quick scan of the patch to take 8.6.9 to 8.6.10 (it's all I've got time for I'm afraid) and the changes to the IDENT service appear to concern stopping people returning information that overflows the buffer and/or contains new-lines.

It introduces two new functions:

1) CLEANSTRCPY -- copy string keeping out bogus characters
2) DENLSTRING -- convert newlines in a string to spaces

The interesting bit comes from the second, to quote:

+ #ifdef LOG + p = macvalue('_', CurEnv); + syslog(LOG_ALERT, "POSSIBLE ATTACK from %s: newline in string \"%s\"", + p == NULL ? "[UNKNOWN]" : p, bp); + #endif

Chris
--
Christopher Samuel Open Software Systems Group
chris@rivers.dra.hmg.gb N-115, Defence Research Agency,
St Andrews Road, Great Malvern, England, UK
"To no man will we sell, or delay, or deny, right or justice" -- Magna Carta
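
Review bot: the syslog() call logs bp, the remotely supplied string that triggered the alert, through an unbounded %s, and these lines do not show whether the newline has already been replaced at that point. Log only after the conversion to spaces so the record cannot be split into extra lines, and bound the field (for example with a precision such as %.100s) so an oversized IDENT reply cannot produce an oversized log message. LOG_ALERT is also a high priority for an event any remote peer can trigger at will; a lower priority would limit the noise.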
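
A bounded, filtering copy of the kind the post describes for IDENT replies, as an added example that is not part of the original post and is not sendmail's code. The function name `ident_sanitize_copy`, the buffer size and the sample reply are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not sendmail's code): copy an untrusted IDENT
 * reply into a fixed buffer. Writes at most dstlen bytes, always
 * NUL-terminates, turns CR/LF into spaces and drops other control
 * bytes and anything with the high bit set. Returns the number of
 * newlines replaced so the caller can decide whether to log;
 * *truncated is set when the input did not fit.
 */
static size_t ident_sanitize_copy(char *dst, size_t dstlen,
                                  const char *src, int *truncated)
{
    size_t out = 0, newlines = 0;

    *truncated = 0;
    if (dstlen == 0)
        return 0;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        int is_nl = (c == '\n' || c == '\r');

        if (!is_nl && (c < 0x20 || c >= 0x7f))
            continue;                 /* drop bogus bytes */
        if (out + 1 >= dstlen) {      /* keep room for the NUL */
            *truncated = 1;
            break;
        }
        dst[out++] = is_nl ? ' ' : (char)c;
        newlines += (size_t)is_nl;
    }
    dst[out] = '\0';
    return newlines;
}

int main(void)
{
    /* Constructed sample reply with an embedded forged header line. */
    const char *reply = "joe\r\nReceived: from forged.example";
    char buf[16];
    int trunc;
    size_t nl = ident_sanitize_copy(buf, sizeof buf, reply, &trunc);

    printf("\"%s\" len=%zu newlines=%zu truncated=%d\n",
           buf, strlen(buf), nl, trunc);
    return 0;
}
```

Logging the sanitized buffer rather than the raw reply keeps the newline out of the log record as well.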