Forum Moderators: bakedjake

SendMail Vulnerability

Affects all versions; patched version now available

     

rogerd

10:03 pm on Mar 3, 2003 (gmt 0)


Just got an alert from SANS.org about a vulnerability in all versions of Sendmail that could allow a hacker root or superuser access when sendmail is running with those privileges.

It looks like Sendmail 8.12.8 now available at Sendmail.org corrects this.

hakre

10:18 pm on Mar 3, 2003 (gmt 0)


thanks a lot. more details are available at iss [iss.net].

bcc1234

10:30 pm on Mar 3, 2003 (gmt 0)


...In other news today, a new brain patch has been released for all sys admins who run sendmail. It comes in 3 different flavors, blue pill, red pill, and yellow pill - qmail, postfix, and exim respectively. Pregnant women and children under 12 should consult a doctor before taking...

David

10:38 pm on Mar 3, 2003 (gmt 0)


brain patch

or log on and type

up2date -u
RedHat OS Required

hakre

10:48 pm on Mar 3, 2003 (gmt 0)


yes, after the detailed description it's even possible for me to execute the update script on a redhat server ;)

rogerd

12:25 am on Mar 4, 2003 (gmt 0)


brain patch

Hmmm, might need some of those. It seems like most of the UNIX/LINUX hosts I deal with still run Sendmail.

bcc1234

4:11 am on Mar 4, 2003 (gmt 0)


Hmmm, might need some of those.

Get the blue pill, my favorite :)

john316

6:39 pm on Mar 4, 2003 (gmt 0)


After updating sendmail, is it necessary to restart the machine?

jpjones

6:45 pm on Mar 4, 2003 (gmt 0)


Nope - just restart sendmail.

/etc/rc.d/init.d/sendmail restart

as root

JP

andreasfriedrich

6:48 pm on Mar 4, 2003 (gmt 0)


Although I admit that configuring Sendmail was great fun when I had enough time on my hands, Postfix is just a lot easier to run and a lot more secure ;)

Andreas

martin

11:48 am on Mar 5, 2003 (gmt 0)


Yah, go with the red pill.

bcc1234

12:35 pm on Mar 5, 2003 (gmt 0)


Yah, go with the red pill.

Well, according to this
[slashdot.org...]
most of us are on pills :)
 
