[TriLUG] Critical sendmail vulnerability
Reginald Reed
reginald at cisco.com
Mon Mar 3 17:11:35 EST 2003
I really appreciate email like this! I've patched and restarted
sendmail on one of the co-located servers I manage part-time. As
everyone knows, security really doesn't happen "part-time," so notes
like this help me be more effective.
Thanks again.
> -----Original Message-----
> From: trilug-admin at trilug.org
> [mailto:trilug-admin at trilug.org] On Behalf Of Jeremy Portzer
> Sent: Monday, March 03, 2003 1:11 PM
> To: TriLUG List
> Subject: [TriLUG] Critical sendmail vulnerability
>
>
> Sendmail has *yet* another remote-root vulnerability discovered
> recently. For details see
>
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
An excerpt from that advisory reads, "This vulnerability
is especially dangerous because the exploit can be delivered within an
email message and the attacker doesn't need any specific knowledge of
the target to launch a successful attack."
Red Hat has released errata packages here:
https://rhn.redhat.com/errata/RHSA-2003-073.html
Mandrake doesn't appear to have packages yet but I presume they and
other vendors will create some soon.
I'm working on syncing the TriLUG servers so the Red Hat updates should
be available soon there, for those of you using apt or current on the
TriLUG mirrors.
--Jeremy Portzer
_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ:
http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
More information about the TriLUG
mailing list