https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918397#M78346 Any flavor of Unix needs to be patched. the group "LSD" has proven Tuesday to break into Redhat and Debian so far. All relevant patches are now available at:<BR /><BR />Hewlett Packard: <A href="http://www.hp.com/support" target="_blank">www.hp.com/support</A> <BR /><BR />IBM: <A href="http://www.ibm.com/support" target="_blank">www.ibm.com/support</A> <BR /><BR />RedHat Linux: <A href="http://www.redhat.com/apps/support/errata" target="_blank">www.redhat.com/apps/support/errata</A> <BR /><BR />SGI: support.sgi.com <BR />Sun: sunsolve.sun.com/patches <BR /><BR />SuSE Linux: /<A href="http://www.suse.com/us/private/support/security" target="_blank">www.suse.com/us/private/support/security</A> <BR /><BR />Of course BSD and others also have patches avail, just do not have the links right here in front of me. I have seen that SuSE, Redhat, Connectiva, and Mandrake have these on thier FTPs now.<BR /><BR /><BR /> Wed, 05 Mar 2003 07:48:54 GMT Jon_87 2003-03-05T07:48:54Z https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918393#M78342 This was reported by Dan Ingevaldson, team leader of X-Force research and development at ISS, who first discovered the vulnerability. <A href="http://www.linuxworld.com/go.cgi?id=741963" target="_blank">http://www.linuxworld.com/go.cgi?id=741963</A><BR /><BR />"What makes the new vulnerability particularly pernicious is that attackers would need to know little about the server they were attacking other than its Internet address.<BR />It's quite a dangerous vulnerability because an exploit could be contained in the e-mail message itself. The attacker doesn't need to set up an elaborate system to launch the attack. They could just send an e-mail message to a server, and if the server is vulnerable the attack would be launched.<BR /><BR />The combination of freely visible source code, a severe and remotely exploitable vulnerability, and an enormous installed base of vulnerable servers make the new Sendmail vulnerability an extremely high-value target for the hacking community, according to Ingevaldson. <BR /><BR />That means that it is critical for affected organizations to patch their servers.<BR /><BR />Once an exploit is published, all bets are off. The window of vulnerability has decreased. there have been some very robust powerful exploits released within a few months of the exploit being published, so if patching was not a big deal before, it is now." <BR /><BR /><BR />Berlene Tue, 04 Mar 2003 13:34:26 GMT https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918393#M78342 Berlene Herren 2003-03-04T13:34:26Z https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918394#M78343 Was this for all versions of Sendmail on all Operationg Systems?<BR /><BR /><BR />The link only mentioned the Linux operating system.<BR /> Tue, 04 Mar 2003 13:58:44 GMT https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918394#M78343 Krishna Prasad 2003-03-04T13:58:44Z https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918395#M78344 Ron, a complete list can be found here:<BR /><BR /><A href="http://www.cert.org/advisories/CA-2003-07.html" target="_blank">http://www.cert.org/advisories/CA-2003-07.html</A><BR /><BR />Berlene Tue, 04 Mar 2003 14:05:57 GMT https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918395#M78344 Berlene Herren 2003-03-04T14:05:57Z https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918396#M78345 sendmail-8.11.6-15<BR /><BR />vulnerable? Not?<BR /><BR />RH 7.3 Intel<BR /><BR />SEP Wed, 05 Mar 2003 00:29:35 GMT https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918396#M78345 Steven E. Protter 2003-03-05T00:29:35Z https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918397#M78346 Any flavor of Unix needs to be patched. the group "LSD" has proven Tuesday to break into Redhat and Debian so far. All relevant patches are now available at:<BR /><BR />Hewlett Packard: <A href="http://www.hp.com/support" target="_blank">www.hp.com/support</A> <BR /><BR />IBM: <A href="http://www.ibm.com/support" target="_blank">www.ibm.com/support</A> <BR /><BR />RedHat Linux: <A href="http://www.redhat.com/apps/support/errata" target="_blank">www.redhat.com/apps/support/errata</A> <BR /><BR />SGI: support.sgi.com <BR />Sun: sunsolve.sun.com/patches <BR /><BR />SuSE Linux: /<A href="http://www.suse.com/us/private/support/security" target="_blank">www.suse.com/us/private/support/security</A> <BR /><BR />Of course BSD and others also have patches avail, just do not have the links right here in front of me. I have seen that SuSE, Redhat, Connectiva, and Mandrake have these on thier FTPs now.<BR /><BR /><BR /> Wed, 05 Mar 2003 07:48:54 GMT https://community.hpe.com/t5/operating-system-linux/please-patch-your-sendmail/m-p/2918397#M78346 Jon_87 2003-03-05T07:48:54Z