HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Latest version of sendmail? & Vulnerabilities....
Operating System - HP-UX
1826639
Members
3255
Online
109695
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2004 08:21 AM
05-24-2004 08:21 AM
Hello everyone,
Our network security guy is playing around with Nessus. He gave me a report for my servers. Among the findings, there are a couple related to sendmail.We're running HP-UX 11i. Our sendmail version is: Sendmail 8.9.3 (PHNE_28810)
This is part of one of the reports:
"The remote sendmail server, according to its version number,may be vulnerable to a remote buffer overflow allowing remote users to gain root privileges.
Sendmail versions from 5.79 to 8.12.7 are vulnerable.
Solution : Upgrade to Sendmail ver 8.12.8 or greater or if you cannot upgrade, apply patches for 8.10-12"
The problem is I don't know if we are actually running the latest version. If I go sendmail.org the latest version is 8.12.11 and we have 8.9.3 eh? I know this may be the HP-UX port version but I'm not sure.
How do I know if I'm running the latest? Doing a search for patch PHNE_28810?
Thanks,
Jorge
Our network security guy is playing around with Nessus. He gave me a report for my servers. Among the findings, there are a couple related to sendmail.We're running HP-UX 11i. Our sendmail version is: Sendmail 8.9.3 (PHNE_28810)
This is part of one of the reports:
"The remote sendmail server, according to its version number,may be vulnerable to a remote buffer overflow allowing remote users to gain root privileges.
Sendmail versions from 5.79 to 8.12.7 are vulnerable.
Solution : Upgrade to Sendmail ver 8.12.8 or greater or if you cannot upgrade, apply patches for 8.10-12"
The problem is I don't know if we are actually running the latest version. If I go sendmail.org the latest version is 8.12.11 and we have 8.9.3 eh? I know this may be the HP-UX port version but I'm not sure.
How do I know if I'm running the latest? Doing a search for patch PHNE_28810?
Thanks,
Jorge
Solved! Go to Solution.
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2004 08:27 AM
05-24-2004 08:27 AM
Solution
Hi Jorge,
Looks like sendmail 8.11.1 is the latest version on hp site,
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SMAIL811
Hope this helps.
Regds
Looks like sendmail 8.11.1 is the latest version on hp site,
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SMAIL811
Hope this helps.
Regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2004 08:30 AM
05-24-2004 08:30 AM
Re: Latest version of sendmail? & Vulnerabilities...
Last week a call went out to itrc for beta testers to test sendmail 8.12 on HP-UX.
I'm told soon it will be available to testers.
You can improve security by using 8.11 for HP-UX:http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SMAIL811
There have been a number of security improvements made since release on that product.
The release alone is not enough. Sendmail is loaded with vulnerabilities that let the latest spamware move messages through the system.
There are a number of script kiddie exploits that attempt to send mail through port 25.
On top of that if you have web based forms on your web server on the same box or a box that allows sendmail relay it can be exploited if you don't have the latest version of formmail installed.
If you want to beta test 8.12, take a look at Berlene Herren's latest questions and sign up for the trial.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=593013
SEP
I'm told soon it will be available to testers.
You can improve security by using 8.11 for HP-UX:http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SMAIL811
There have been a number of security improvements made since release on that product.
The release alone is not enough. Sendmail is loaded with vulnerabilities that let the latest spamware move messages through the system.
There are a number of script kiddie exploits that attempt to send mail through port 25.
On top of that if you have web based forms on your web server on the same box or a box that allows sendmail relay it can be exploited if you don't have the latest version of formmail installed.
If you want to beta test 8.12, take a look at Berlene Herren's latest questions and sign up for the trial.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=593013
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2004 08:31 AM
05-24-2004 08:31 AM
Re: Latest version of sendmail? & Vulnerabilities...
Hi Jorge,
You can determine your current version with
# what /usr/sbin/sendmail | grep version
/usr/sbin/sendmail:
version.c 8.9.3.1 (Berkeley) 10/01/2000
Hope this helps,
Robert-Jan
You can determine your current version with
# what /usr/sbin/sendmail | grep version
/usr/sbin/sendmail:
version.c 8.9.3.1 (Berkeley) 10/01/2000
Hope this helps,
Robert-Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2004 08:52 AM
05-24-2004 08:52 AM
Re: Latest version of sendmail? & Vulnerabilities...
Sanjay, Steven & Robert-Jan:
Thanks a million! I REALLY appreciate your help.
Jorge
Thanks a million! I REALLY appreciate your help.
Jorge
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP