Operating System - HP-UX
1748181 Members
4175 Online
108759 Solutions
New Discussion юеВ

Re: SSRT3469 Potential Security Vulnerability in sendmail

 
Berlene Herren
Honored Contributor

SSRT3469 Potential Security Vulnerability in sendmail

 
http://www.mindspring.com/~bkherren/dobes/index.htm
15 REPLIES 15
John Payne_2
Honored Contributor

Re: SSRT3469 Potential Security Vulnerability in sendmail

Berlene,

As always, thanks for the speedy notification.

John
Spoon!!!!
Christopher Caldwell
Honored Contributor

Re: SSRT3469 Potential Security Vulnerability in sendmail

This is about the earliest I've seen you guys get out a working "patch" on a open source vulnerability.

Send thanks up the ladder.
Berlene Herren
Honored Contributor

Re: SSRT3469 Potential Security Vulnerability in sendmail

Always glad to pass on the thanks!

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
Michael Tully
Honored Contributor

Re: SSRT3469 Potential Security Vulnerability in sendmail

Thanks for heads up Berlene. This could have caused me some BIG headaches.....
Cheers
Michael
Anyone for a Mutiny ?
James A. Donovan
Honored Contributor

Re: SSRT3469 Potential Security Vulnerability in sendmail

If anyone wants the details on the vulnerability....

http://www.cert.org/advisories/CA-2003-07.html
Remember, wherever you go, there you are...
Trever Furnish
Regular Advisor

Re: SSRT3469 Potential Security Vulnerability in sendmail

I'm personally wondering why the patch wasn't made available yesterday at the same time as the announcement, as it was by other vendors. Not point a finger of blame here, just wondering if there's a lack of communication somewhere that needs improvement.

Perhaps the Sendmail company didn't inform HP, as it apparently did other vendors?
Hockey PUX?
Pete Randall
Outstanding Contributor

Re: SSRT3469 Potential Security Vulnerability in sendmail

Berlene,

I'm confused about which version I should download.
Your instructions read:
For HP-UX 11.00: sendmail.811.11.00.gz
sendmail.893.11.00.gz
For HP-UX 11.11: sendmail.811.11.11.gz
sendmail.893.11.11.gz

So, for 11.00, do I need the 811 or the 893 version? And for 11.11 do I need the 811 or the 893 version?

Pete

Pete
Pete Randall
Outstanding Contributor

Re: SSRT3469 Potential Security Vulnerability in sendmail

Berlene,

Never mind - while waiting for the submit to finish, I finally noticed the obvious.

Pete

Pete
Pete Randall
Outstanding Contributor

Re: SSRT3469 Potential Security Vulnerability in sendmail

However, I do have an 11.0 system with a 8.8.6 version of sendmail on it - what version should I download for that?

Pete

Pete