[Dshield] CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution
jsage at finchhaven.com
Thu Oct 10 05:25:35 GMT 2002
Realize that this is the most important point:
> It is important to understand that the compromise is to the system
> that is used to build the Sendmail software and not to the systems
> that run the Sendmail daemon.
Again, it's the system that the trojaned versions were **compiled**
on, not the system that sendmail is **running** on.
Admitedly, this is often the same box, but it's worth repeating,
PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800 4EF6 5FC8 F23D 35A4 F705
More information about the list