[Dshield] New critical security hole in sendmail.

Jon R. Kibler Jon.Kibler at aset.com
Thu Sep 18 02:02:17 GMT 2003


In case you haven't heard, sendmail released a new rev today to fix a critical security problem. Here is the news from their web site ( http://www.sendmail.org/8.12.10.html ):
> Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.12.10. It contains a fix for a security problem discovered by Michal Zalewski whom we thank for bringing this problem to our attention. We also want to thank Todd C. Miller for providing a patch. sendmail 8.12.10 also includes fixes for other potential problems, see the release notes below for more details. Sendmail urges all users to either upgrade to sendmail 8.12.10 or apply a patch. Remember to check the PGP signatures of patches or releases obtained via FTP or HTTP (to check the correctness of the patch in this announcement please verify the PGP signature of it). For those not running the open source version, check with your vendor for a patch. 
> For a complete list of changes see the release notes down below. 
> Note: we are aware of the fact that the release notes state 2003/09/24 as release date but that the actual release occurred on 2003/09/17. The former was the scheduled release date, the latter was required by early public disclosure. 

Note the above sentence!!! Since the exploit is now known, it is CRITICAL to upgrade or patch ASAP!

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the list mailing list