HPE Community
Operating System - Linux
1752679 Members
5882 Online
108789 Solutions
New Discussion юеВ

PLEASE PATCH YOUR SENDMAIL!

 
Berlene Herren
Honored Contributor

тАО03-04-2003 05:34 AM

тАО03-04-2003 05:34 AM

PLEASE PATCH YOUR SENDMAIL!

This was reported by Dan Ingevaldson, team leader of X-Force research and development at ISS, who first discovered the vulnerability. http://www.linuxworld.com/go.cgi?id=741963

"What makes the new vulnerability particularly pernicious is that attackers would need to know little about the server they were attacking other than its Internet address.
It's quite a dangerous vulnerability because an exploit could be contained in the e-mail message itself. The attacker doesn't need to set up an elaborate system to launch the attack. They could just send an e-mail message to a server, and if the server is vulnerable the attack would be launched.

The combination of freely visible source code, a severe and remotely exploitable vulnerability, and an enormous installed base of vulnerable servers make the new Sendmail vulnerability an extremely high-value target for the hacking community, according to Ingevaldson.

That means that it is critical for affected organizations to patch their servers.

Once an exploit is published, all bets are off. The window of vulnerability has decreased. there have been some very robust powerful exploits released within a few months of the exploit being published, so if patching was not a big deal before, it is now."


Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
4 REPLIES 4
Krishna Prasad
Trusted Contributor

тАО03-04-2003 05:58 AM

тАО03-04-2003 05:58 AM

Re: PLEASE PATCH YOUR SENDMAIL!

Was this for all versions of Sendmail on all Operationg Systems?


The link only mentioned the Linux operating system.
Positive Results requires Positive Thinking
0 Kudos
Reply
Berlene Herren
Honored Contributor

тАО03-04-2003 06:05 AM

тАО03-04-2003 06:05 AM

Re: PLEASE PATCH YOUR SENDMAIL!

Ron, a complete list can be found here:

http://www.cert.org/advisories/CA-2003-07.html

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО03-04-2003 04:29 PM

тАО03-04-2003 04:29 PM

Re: PLEASE PATCH YOUR SENDMAIL!

sendmail-8.11.6-15

vulnerable? Not?

RH 7.3 Intel

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Jon_87
Advisor

тАО03-04-2003 11:48 PM

тАО03-04-2003 11:48 PM

Re: PLEASE PATCH YOUR SENDMAIL!

Any flavor of Unix needs to be patched. the group "LSD" has proven Tuesday to break into Redhat and Debian so far. All relevant patches are now available at:

Hewlett Packard: www.hp.com/support

IBM: www.ibm.com/support

RedHat Linux: www.redhat.com/apps/support/errata

SGI: support.sgi.com
Sun: sunsolve.sun.com/patches

SuSE Linux: /www.suse.com/us/private/support/security

Of course BSD and others also have patches avail, just do not have the links right here in front of me. I have seen that SuSE, Redhat, Connectiva, and Mandrake have these on thier FTPs now.


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.