Appliance Servers

Re: Sendmail Critical Vulnerability

 
Craig Jungers
Occasional Advisor

Re: Sendmail Critical Vulnerability

According to RH's web site, the version of sendmail for 6.2 was 8.11.6 but the version of sendmail on my SA1100 is 8.10.2. I don't believe that simply doing an RPM -U of 8.12.8 would work, either (there are some file differences). I can't find anything on RH's site that offers upgrades for anything older than 6.2 but I'm still looking at their ftp site (can't get on at the moment).

We are very close to simply buying a cobalt and being done with this crapola.
BR699722
Occasional Advisor

Re: Sendmail Critical Vulnerability

hi Craig,

The rpm program offers an option to test the dependencies of an rpm package (i.e. rpm -U --test rpm-package).
IMHO you could upgrade to 8.11.6-126 (where 126 is the patch level) without config changes. This version is secured against the vulnerability.
sendmail 8.12.x works differently from the prior versions, so you have to configure it again if you upgrade to this version.

cu
Thomas
Craig Jungers
Occasional Advisor

Re: Sendmail Critical Vulnerability

The rpm RH lists for V6.2 is not the same as the one that was installed in the SA1100 (we've already covered this). Because of the nature of the SA1100 and its non-standard mail delivery system I was very VERY reluctant to simply install an RPM from redhat. Installing the latest sendmail (8.12.8) didn't work because the file structure of this version is very different from older versions.

What I finally did was to download the patched source RPM (sendmail-8.11.6-1.62.2.src.rpm), did an install ("rpm -i sendmail...etc"), then compiled it ("sh Build"). Then I copied each of the following files to a .bak backup in its subdirectory.

/usr/bin/rmail
/usr/sbin/mailstats
/usr/sbin/makemap
/usr/sbin/praliases
/usr/sbin/sendmail
/usr/sbin/smrsh

I then stopped the mail daemon using the web-based control screen.

I now had a backup copy of each of these files in its subdir ready to copy back into position should this upgrade fail. I then copied the new version of each of these new files into the appropriate subdirectory and restarted the mail daemon using the web-based controls.

The control page reported that sendmail had started and was running. I then went to an account outside this system and sent a test email which worked. Then I watched /var/log/maillog for a few minutes looking for obvious problems. None so far. :)

If you need to upgrade your SA1100 appliance server this method should work for you as well. I want to thank all who offered their suggestions.
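
The backup, swap and roll-back steps from the post above, as an added shell example that is not part of the original thread and not the poster's own commands. `ROOT`, `STAGE` (a flat directory holding the freshly built binaries) and the function names are assumptions; the mail daemon is stopped before the call and restarted afterwards, as in the post.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT and STAGE are assumptions:
# ROOT is the filesystem prefix ("" on the live box), STAGE is a flat
# directory holding the freshly built binaries.

# The six files named in the post, relative to ROOT.
FILES="usr/bin/rmail usr/sbin/mailstats usr/sbin/makemap
usr/sbin/praliases usr/sbin/sendmail usr/sbin/smrsh"

# Put every .bak copy back; used when any later step fails.
rollback_all() {
    for f in $FILES; do
        if [ -f "$1/$f.bak" ]; then
            cp -p "$1/$f.bak" "$1/$f" || return 1
        fi
    done
}

# swap_all ROOT STAGE: back up, install, verify; roll back on any error.
swap_all() {
    root=$1 stage=$2
    # Refuse to touch anything unless all six new binaries are present,
    # so the box is never left with a mix of old and new versions.
    for f in $FILES; do
        if [ ! -s "$stage/${f##*/}" ] || [ ! -f "$root/$f" ]; then
            echo "precheck failed for $f" >&2
            return 1
        fi
    done
    # cp -p keeps owner, mode and timestamps on the backup copy.
    for f in $FILES; do
        cp -p "$root/$f" "$root/$f.bak" || return 1
    done
    for f in $FILES; do
        # Plain cp onto an existing file rewrites it in place, so it keeps
        # the installed file's owner and mode rather than the build output's.
        # cmp then confirms the bytes on disk match the staged binary.
        if ! cp "$stage/${f##*/}" "$root/$f" ||
           ! cmp -s "$stage/${f##*/}" "$root/$f"; then
            echo "install of $f failed, restoring backups" >&2
            rollback_all "$root"
            return 1
        fi
    done
}
```

On the appliance itself the call would be `swap_all "" /path/to/stage`; comparing `ls -l` of each file with its `.bak` before restarting the daemon confirms that ownership and permissions carried over.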

Sean_71
Occasional Advisor

Re: Sendmail Critical Vulnerability

This is why we need to make an image; then we can experiment with updating pkgs and testing various configurations and be assured that if anything goes wrong we can restore the original image.

I have a SA1120 and various other 1U servers and plenty of disk space that I would be fully prepared to make available if anyone wants to get involved in creating a new image.

who dares wins