[Dshield] CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution

John Sage jsage at finchhaven.com
Thu Oct 10 05:25:35 GMT 2002


Realize that this is the most important point:

> It is important to understand that the compromise is to the system
> that is used to build the Sendmail software and not to the systems
> that run the Sendmail daemon. 


Again, it's the system that the trojaned versions were **compiled**
on, not the system that sendmail is **running** on.

Admitedly, this is often the same box, but it's worth repeating,
nonetheless...



- John
-- 
"Broken pipe"

PGP key:     http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800  4EF6 5FC8 F23D 35A4 F705




More information about the list mailing list