Re: verify sendmail fix?

EML · ‎03-06-2003

Does anyone know how to simulate this security flaw in sendmail?
I'd like to verify the fix from HP if it is working ok.

Berlene Herren · ‎03-06-2003

#what /usr/sbin/sendmail

Copyright (c) 1998 HEWLETT PACKARD COMPANY and its licensors, ncluding Sendmail, Inc., and the Regents of the University of California. All rights reserved. version.c 8.9.3.1 (Berkeley) 18/09/2001 (PHNE_25183+JAGae58098)
^^^
Look for the JAG

Berlene

http://www.mindspring.com/~bkherren/dobes/index.htm

Robin Wakefield · ‎03-06-2003

Hi,

Doesn't answer your question, but an interesting link:

http://www.silicon.com/news/500013-500001/1/3157.html?nl=d20030306

rgds, Robin

someone_4 · ‎03-06-2003

Hello

According to sendmail:
To check whether the new sendmail binary contains the patch, run this command (in the directory where the binary is located):

strings sendmail | grep 'Dropped invalid comments from header address'

The command must print the string
Dropped invalid comments from header address

##################
Here is my output:

strings /usr/sbin/sendmail | grep -i dropped

If it is patchted up it will return:
Dropped invalid comments from header address

if it is not patched up it will not return anything..

Richard

Kasper Haitsma · ‎03-17-2003

when performing a check on the binairy with strings(1), make sure to include the -a option. In some binaries, the string "Dropped invalid comments from header address" will otherwise not be shown (8.11.1 for 11i is known for this)

It depends

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: verify sendmail fix?

verify sendmail fix?