[Dshield] New critical security hole in sendmail.

Jon R. Kibler Jon.Kibler at aset.com
Thu Sep 18 13:55:54 GMT 2003


Kenneth Porter wrote:
> 
> --On Wednesday, September 17, 2003 10:02 PM -0400 "Jon R. Kibler"
> <Jon.Kibler at aset.com> wrote:
> 
> > In case you haven't heard, sendmail released a new rev today to fix a
> > critical security problem. Here is the news from their web site (
> > http://www.sendmail.org/8.12.10.html ):
> 
> Hmm, Red Hat released an advisory dated 9/16 that sounds suspiciously like
> this: <https://rhn.redhat.com/errata/RHSA-2003-283.html>
> 
> Is this something different?
> 

Looks like the same thing. The fact RedHat published their fix (and thus made everyone aware of the exploit) before sendmail published an official release is probably why sendmail pushed up the release of 8.12.10 by a week.

BTW, if you are still running sendmail 8.11.x, you REALLY should upgrade to 8.12.10. There are A LOT of security and performance improvements in 8.12.x.

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list