[unisog] SENDMAIL SECURITY ALERT

Peter Ruprecht ruprech at jilau1.Colorado.EDU
Mon Mar 3 21:18:36 GMT 2003


From the CERT advisory at http://www.cert.org/advisories/CA-2003-07.html:

"A successful attack against an unpatched sendmail system will not
leave any messages in the system log. However, on a patched system, an
attempt to exploit this vulnerability will leave the following log
message:

Dropped invalid comments from header address

Although this does not represent conclusive evidence of an attack, it
may be useful as an indicator.

A patched sendmail server will drop invalid headers, thus preventing
downstream servers from receiving them. "

So it looks like if the message passes through an 8.12.8 server, it should
be "disinfected".

Peter Ruprecht
JILA / University of Colorado

On Tue, 4 Mar 2003, Mark Borrie wrote:

>
> Does anyone know if sendmail 8.12.8 etc fixes the offending
> headers or passes them on to other servers unaltered. This is
> important in deciding how quickly we attend to upgrading sendmail
> inside the campus.
>
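The advisory's log message is tied to a queue ID, and sendmail logs the delivering relay on the "from=" line for that same queue ID, so the two can be joined to see which upstream hosts are handing a patched server malformed headers. The script below is an added illustration, not part of this message, the CERT advisory or sendmail itself; it assumes the standard sendmail syslog line shape ("timestamp host sendmail[pid]: qid: text") and uses constructed sample lines.

```python
"""Correlate the CA-2003-07 sendmail 8.12.8 indicator with the sending relay.

A patched sendmail logs "Dropped invalid comments from header address"
against a queue ID; the "from=" line for the same queue ID names the relay
that delivered the message. Joining the two shows where the malformed
headers came from. The SAMPLE_LOG lines are constructed for illustration.
"""
import re
from collections import defaultdict

# Indicator string quoted from the CERT advisory (CA-2003-07).
INDICATOR = "Dropped invalid comments from header address"

# Assumed sendmail syslog shape: "<timestamp> <host> sendmail[<pid>]: <qid>: <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) sendmail\[\d+\]: (?P<qid>[A-Za-z0-9]+): (?P<rest>.*)$"
)
# "relay=<name> [<ip>]" as it appears on the from= line.
RELAY_RE = re.compile(r"relay=(?P<relay>[^\s,]+)(?: \[(?P<ip>[0-9a-fA-F.:]+)\])?")


def parse_line(line):
    """Split one syslog line into fields; return None for lines not in the expected shape."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def correlate(lines):
    """Return {qid: {"host", "ts", "relay", "hits"}} for queue IDs that logged the indicator.

    Records are accumulated per queue ID, so it does not matter whether the
    indicator line or the from= line is logged first.
    """
    envelopes = defaultdict(lambda: {"host": None, "ts": None, "relay": "unknown", "hits": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # non-queue lines (startup messages, rejects without an ID) are skipped
        env = envelopes[rec["qid"]]
        env["host"] = rec["host"]
        if rec["rest"].startswith("from="):
            env["ts"] = rec["ts"]
            rm = RELAY_RE.search(rec["rest"])
            if rm:
                ip = f" [{rm.group('ip')}]" if rm.group("ip") else ""
                env["relay"] = rm.group("relay") + ip
        if rec["rest"] == INDICATOR:
            env["hits"] += 1
    return {qid: env for qid, env in envelopes.items() if env["hits"]}


def summarize_by_relay(lines):
    """Count indicator-bearing messages per relay; one relay with many hits is worth a look."""
    counts = defaultdict(int)
    for env in correlate(lines).values():
        counts[env["relay"]] += 1
    return dict(counts)


# Constructed sample log: two messages from one relay trigger the indicator,
# one message from another relay is clean. The second hit is logged before
# its from= line to show that ordering does not matter.
SAMPLE_LOG = [
    "Mar  3 21:10:02 mx1 sendmail[4102]: h23L92Ab004102: from=<user@example.net>, size=812, "
    "class=0, nrcpts=1, msgid=<1@example.net>, proto=ESMTP, daemon=MTA, "
    "relay=host.example.net [192.0.2.10]",
    "Mar  3 21:10:02 mx1 sendmail[4102]: h23L92Ab004102: " + INDICATOR,
    "Mar  3 21:10:03 mx1 sendmail[4103]: h23L93Ab004103: from=<other@example.org>, size=1200, "
    "class=0, nrcpts=1, msgid=<2@example.org>, proto=ESMTP, daemon=MTA, "
    "relay=mail.example.org [192.0.2.20]",
    "Mar  3 21:10:04 mx1 sendmail[4104]: h23L94Ab004104: " + INDICATOR,
    "Mar  3 21:10:04 mx1 sendmail[4104]: h23L94Ab004104: from=<user@example.net>, size=815, "
    "class=0, nrcpts=1, msgid=<3@example.net>, proto=ESMTP, daemon=MTA, "
    "relay=host.example.net [192.0.2.10]",
    "Mar  3 21:10:05 mx1 sendmail[4100]: starting daemon (8.12.8): SMTP+queueing@00:30:00",
]

if __name__ == "__main__":
    for qid, env in correlate(SAMPLE_LOG).items():
        print(f"{env['ts']} {env['host']} {qid} relay={env['relay']} hits={env['hits']}")
    print(summarize_by_relay(SAMPLE_LOG))
```

To run it over a real maillog, replace SAMPLE_LOG with the file's lines; as the advisory says, a hit is an indicator rather than proof, so the per-relay summary is a triage aid, not a verdict.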


