03-04-2003 12:00 PM
Re: PLEASE PATCH YOUR SENDMAIL!
Our email infrastructure is Exchange-oriented with an SMTP relay server to route and handle inbound/outbound traffic. The SMTP server is programmed under no circumstances to send any mail messages to our HP-UX servers.
When I send out a message off one of my UX servers and it's to a bad address, I can't get the bounce, because of the configuration.
Obviously someone could mess with the Exchange or SMTP servers, but if they can't send mail to the UX boxes, is there a problem?
This has btw been a fascinating discussion. I've learned a lot.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
03-04-2003 12:05 PM
Re: PLEASE PATCH YOUR SENDMAIL!
And it has been fun, hasn't it? :-)
Berlene
03-04-2003 12:09 PM
Re: PLEASE PATCH YOUR SENDMAIL!
I've done as Patrick & just stopped accepting mail on servers that don't need to.
But I have a question.
I understand that the exploit is message-oriented and MTAs will just merrily pass it along to its destination. But if the affected server resides behind solid firewalls, how does the system get exploited by the sender AFTER the buffer overflow? Can this thing capture files on internal servers & send them out to be examined or cracked?
I don't see this exploit as being able to affect FWs as well, or am I missing something here?
I guess the vulnerability could be exploited by internal personnel.....
I see the major, urgent problems on I-net facing & DMZ systems more so than well protected, internal systems.
Would you agree?
I don't wish to make light of the situation at all, but at the same time I don't want a "chicken little" syndrome spawning unnecessary fear levels. We're being subjected to far too much of this fear-mongering already outside of our work environments, wouldn't you think?
Rgds,
Jeff
03-04-2003 12:16 PM
Re: PLEASE PATCH YOUR SENDMAIL!
My servers can accept mail directed at them from any workstation on my network.
This means I am vulnerable.
The good news is outside our department there are no users in the organization with near enough knowledge to exploit the problem.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
03-05-2003 06:13 AM
Re: PLEASE PATCH YOUR SENDMAIL!
Everyone, please make sure you are not vulnerable.
03-05-2003 08:47 AM
Re: PLEASE PATCH YOUR SENDMAIL!
I haven't seen an answer to this question in the documentation. In what manner is the privileged access exploited? Is the intruder coming in via telnet after you've been hit, or are they executing code as root via the received email message?
For instance, would there be a root entry in wtmp assuming the intruder didn't mess with this file? I understand all of the implications of a root level intruder covering up their trail. Just wondering if they are logging in or executing code. Either way, scary stuff.
03-05-2003 08:58 AM
Solution
I was just reading my SANS Newsbites about this. Here's what they had to say:
--Sendmail Vulnerability Demonstrates New DHS Capabilities
(3 March 2003)
A vulnerability was reported in Sendmail that allows root access simply
by sending a specially crafted email. Action by the Department of
Homeland Security and affected vendors led to a coordinated program for
patch development, early warning for critical infrastructure industries
and government agencies, and broad information dissemination, while
maintaining secrecy until the
http://www.washingtonpost.com/wp-dyn/articles/A41859-2003Mar4.html
http://www.cert.org/advisories/CA-2003-07.html
http://www.msnbc.com/news/880094.asp?0cv=CB10
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,78991,00.html
http://news.com.com/2100-1009-990802.html
SANS web broadcast features people from sendmail.com, ISS,
SourceFire, and the SANS faculty experts answering questions about the
vulnerability, what systems are vulnerable, and what can be done to
protect Sendmail beyond patching. Also includes a brief discussion
of the new Snort vulnerability.
http://www.sans.org/webcasts/030303.php
Free, requires registration
I apologise for the truncation right before the list of URLs. That's the way SANS published it.
Pete
03-05-2003 09:09 AM
Re: PLEASE PATCH YOUR SENDMAIL!
Berlene
03-05-2003 09:12 AM
Re: PLEASE PATCH YOUR SENDMAIL!
Glad to - this thing scares me!
Pete
03-05-2003 06:03 PM
Re: PLEASE PATCH YOUR SENDMAIL!
strings /usr/lib/sendmail | grep Dropped
You should get the following output:
Dropped invalid comments from header address
If your sendmail binary is not patched, you won't get any output.
This is true for patched sendmail binaries on all platforms (from what I can tell).
-- Edmund.
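
The check from the post above, wrapped as a script. This is an added example and not part of the original thread. It separates "binary not found" from "marker string absent", which the one-liner reports identically as no output. The function names and the second path, /usr/sbin/sendmail, are assumptions for illustration.

```shell
#!/bin/sh
# Added example: the marker string is the one quoted in the post above.
# Per that post, patched sendmail binaries contain it and unpatched ones do not.
MARKER='Dropped invalid comments from header address'

# Print "patched", "unpatched" or "missing" for one binary path.
sendmail_patch_status() {
    bin=$1
    if [ ! -r "$bin" ]; then
        # A wrong or unreadable path must not be read as "unpatched".
        echo missing
        return 0
    fi
    if command -v strings >/dev/null 2>&1; then
        # -a scans the whole file rather than selected sections.
        if strings -a "$bin" | grep "$MARKER" >/dev/null; then
            echo patched
        else
            echo unpatched
        fi
    else
        # Fallback when strings is not installed; -a is a GNU grep option.
        if LC_ALL=C grep -a "$MARKER" "$bin" >/dev/null; then
            echo patched
        else
            echo unpatched
        fi
    fi
}

# Report the status of every path given as an argument.
scan_sendmail_binaries() {
    for path in "$@"; do
        echo "$path: $(sendmail_patch_status "$path")"
    done
}

# /usr/lib/sendmail is the path used in the post; /usr/sbin/sendmail is an
# assumed second location. Adjust the list for the host being checked.
scan_sendmail_binaries /usr/lib/sendmail /usr/sbin/sendmail
```

The result describes the file on disk only; a sendmail daemon started before the patch was installed keeps running the old code until it is restarted.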