
Forum Moderators: bakedjake


SendMail Vulnerability

Affects all versions; patched version now available

     
10:03 pm on Mar 3, 2003 (gmt 0)

Administrator

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 2, 2000
posts:9687
votes: 1


Just got an alert from SANS.org about a vulnerability in all versions of Sendmail that could allow a hacker root or superuser access when sendmail is running with those privileges.

It looks like Sendmail 8.12.8, now available at Sendmail.org, corrects this.

10:18 pm on Mar 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 7, 2003
posts:1230
votes: 0


Thanks a lot. More details are available at ISS [iss.net].

10:30 pm on Mar 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 1, 2002
posts:1424
votes: 0


...In other news today, a new brain patch has been released for all sys admins who run sendmail. It comes in 3 different flavors, blue pill, red pill, and yellow pill - qmail, postfix, and exim respectively. Pregnant women and children under 12 should consult a doctor before taking...

10:38 pm on Mar 3, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Oct 26, 2000
posts:414
votes: 0


"brain patch"

or log on and type

up2date -u
RedHat OS Required

10:48 pm on Mar 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 7, 2003
posts:1230
votes: 0


Yes, after the detailed description it's even possible for me to execute the update script on a Red Hat server ;)

12:25 am on Mar 4, 2003 (gmt 0)

Administrator

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 2, 2000
posts:9687
votes: 1


"brain patch"

Hmmm, might need some of those. It seems like most of the UNIX/LINUX hosts I deal with still run Sendmail.

4:11 am on Mar 4, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 1, 2002
posts:1424
votes: 0


"Hmmm, might need some of those."

Get the blue pill, my favorite :)

6:39 pm on Mar 4, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 3, 2001
posts:1609
votes: 0


After updating sendmail, is it necessary to restart the machine?

6:45 pm on Mar 4, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Dec 9, 2002
posts:325
votes: 0


Nope - just restart sendmail.

/etc/rc.d/init.d/sendmail restart

as root

JP

6:48 pm on Mar 4, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 22, 2002
posts:1782
votes: 0


Although I admit that configuring Sendmail was great fun when I had enough time on my hands, Postfix is just a lot easier to run and a lot more secure ;)

Andreas

11:48 am on Mar 5, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 3, 2002
posts:482
votes: 0


Yah, go with the red pill.

12:35 pm on Mar 5, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 1, 2002
posts:1424
votes: 0


"Yah, go with the red pill."

Well, according to this
[slashdot.org...]
most of us are on pills :)