Sendmail MIME DoS vulnerability

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Sendmail MIME DoS vulnerability
From: "Jain, Siddhartha" <Siddhartha.Jain@xxxxxxxxxxxxxx>
Date: Tue, 20 Jun 2006 15:57:32 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcaUvOmdxNlspH2nQCOeEEnG3IMsnw==
Thread-topic: Sendmail MIME DoS vulnerability

Hi,

I am trying to understand how the below mentioned sendmail
vulnerability. 
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

The description says that the DoS occurs when sendmail goes in a deeply
nested malformed MIME message and uses the MIME 8-bit to 7-bit
conversion function. Under what conditions would sendmail use the MIME
8-bit to 7-bit function? Only when the remote MTA doesn't understand
8-bit MIME, right?

That would mean that a malicious user would have to force the victim MTA
to relay the malformed mail to a MIME 7-bit-only MTA for the attack to
succeed. This probably means that open relays and ISP SMTP servers are
more vulnerable than purely incoming SMTP servers.

I am just trying to make sense of the advisory and the possible threat
of exploit.


Thanks,

- Siddhartha

Follow-Ups:
- Re: Sendmail MIME DoS vulnerability
  - From: Claus Assmann
- Re: Sendmail MIME DoS vulnerability
  - From: Gadi Evron

Prev by Date: JEdit ActiveX Control Information Disclosure vulnerability
Next by Date: Re: Vacation Retal Script v1.0
Previous by thread: JEdit ActiveX Control Information Disclosure vulnerability
Next by thread: Re: Sendmail MIME DoS vulnerability
Index(es):
- Date
- Thread