- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: PLEASE PATCH YOUR SENDMAIL!
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 05:36 AM
тАО03-04-2003 05:36 AM
This was reported by Dan Ingevaldson, team leader of X-Force research and development at ISS, who first discovered the vulnerability. http://www.linuxworld.com/go.cgi?id=741963
"What makes the new vulnerability particularly pernicious is that attackers would need to know little about the server they were attacking other than its Internet address.
It's quite a dangerous vulnerability because an exploit could be contained in the e-mail message itself. The attacker doesn't need to set up an elaborate system to launch the attack. They could just send an e-mail message to a server, and if the server is vulnerable the attack would be launched.
The combination of freely visible source code, a severe and remotely exploitable vulnerability, and an enormous installed base of vulnerable servers make the new Sendmail vulnerability an extremely high-value target for the hacking community, according to Ingevaldson.
That means that it is critical for affected organizations to patch their servers.
Once an exploit is published, all bets are off. The window of vulnerability has decreased. there have been some very robust powerful exploits released within a few months of the exploit being published, so if patching was not a big deal before, it is now."
See HPSBUX0302-246 SSRT3469 Potential Security Vulnerability in sendmail
Berlene
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:27 AM
тАО03-04-2003 11:27 AM
Re: PLEASE PATCH YOUR SENDMAIL!
Where is it an since I think it does not exist, when it it goiing to be ready.
All my sendmail updates have been from HP patch depots and I'm not going to screw things up by messing around with a gz file.
I've been very agressive at putting in patches and security_patch_check is run weekly and shows no necessary patches.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:30 AM
тАО03-04-2003 11:30 AM
Re: PLEASE PATCH YOUR SENDMAIL!
Instructions are in the link which everyone has been pointing to. It is not in SD format (yet), however, it is very easy to install.
See:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xdd549c196a4bd71190080090279cd0f9,00.html
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:31 AM
тАО03-04-2003 11:31 AM
Re: PLEASE PATCH YOUR SENDMAIL!
Berlene
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:35 AM
тАО03-04-2003 11:35 AM
Re: PLEASE PATCH YOUR SENDMAIL!
If for no other reason than version control.
May sound trivial, but if you have *hundreds* of systems, tell me how one could easily tell if they're *all* patched or not?
IF it was a patch, this would be much, much easier.
So keep pushing for a patch ASAP, if you would please Berlene.
Thx,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:38 AM
тАО03-04-2003 11:38 AM
Re: PLEASE PATCH YOUR SENDMAIL!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:39 AM
тАО03-04-2003 11:39 AM
Re: PLEASE PATCH YOUR SENDMAIL!
Check for the JAG to confirm fix:
#what /usr/sbin/sendmail
8.9.3 / 10.20
Copyright (c) 1998 HEWLETT PACKARD COMPANY and its licensors, including Sendmail, Inc., and the Regents of the University of California. All rights reserved.
version.c 8.9.3.1 (Berkeley) 18/09/2001 (PHNE_25183+JAGae58098)
11.X / 8.11.1
Copyright (c) 1998 HEWLETT PACKARD COMPANY and its licensors, including Sendmail, Inc., and the Regents of the University of California. All rights reserved.
version.c 8.11.1 (Berkeley) - Revision 1.2+JAGae58098 - 2002/07/31
Berlene
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:41 AM
тАО03-04-2003 11:41 AM
Re: PLEASE PATCH YOUR SENDMAIL!
I've already downloaded the patched sendmail executable and I've patched an 11.00 and an 11i box here. The instructions with the fix include a command to get the version of sendmail running on a box. Here is what I see before installing the sendmail binary [on an 11i box]:
Version 8.9.3 (PHNE_25184)
and here is what I see afterwards:
Version 8.9.3 (PHNE_26305+JAGae58098)
So there is a way to tell if the new binary has been installed or not. I agree that having it in a patch is nice, but it is also nice that HP has jumped on this issue and provided the fix so fast [many thanks to everyone involved please Berlene!]. It was nice this morning when the local Windows/Intel people started forwarding the sendmail stories to me via e-mail and I was able to tell them that we already knew about it and had the fix on hand thanks to HP. :)
JP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:43 AM
тАО03-04-2003 11:43 AM
Re: PLEASE PATCH YOUR SENDMAIL!
I like being able to get my sendmail version from swlist
[5031#] swlist -l product | grep sendmail
PHNE_25184 1.0 sendmail(1m) 8.9.3 patch
I guess my question is to maintain this crutch, when is it coming out in SD format. Being behind a firewall and accepting no outside mail I judge my vulnerability as low.
The bad part is management here does watch cnn/msnbc and are already grumbling about this.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 11:50 AM
тАО03-04-2003 11:50 AM
Re: PLEASE PATCH YOUR SENDMAIL!
This vulnerability is message-oriented as opposed to connection-oriented, so internal systems are just as vulnerable to exploit as internet facing systems. That means that the vulnerability is triggered by the contents of a specially-crafted email message rather than by lower-level network traffic. This is important because an MTA that does not contain the
vulnerability will pass the malicious message along to other MTAs that may be protected at the network level. In other words, vulnerable sendmail servers on the interior of a network are still at risk, even if
the site's border MTA uses software other than sendmail. Also, messages
capable of exploiting this vulnerability may pass undetected through many
common packet filters or firewalls.
Berlene