Peter Ruprecht ruprech at jilau1.Colorado.EDU
Mon Mar 3 21:18:36 GMT 2003

>From the CERT advisory at http://www.cert.org/advisories/CA-2003-07.html:

"A successful attack against an unpatched sendmail system will not
leave any messages in the system log. However, on a patched system, an
attempt to exploit this vulnerability will leave the following log

Dropped invalid comments from header address

Although this does not represent conclusive evidence of an attack, it
may be useful as an indicator.

A patched sendmail server will drop invalid headers, thus preventing
downstream servers from receiving them. "

So it looks like if the message passes through an 8.12.8 server, it should
be "disinfected".

Peter Ruprecht
JILA / University of Colorado

On Tue, 4 Mar 2003, Mark Borrie wrote:

> Does anyone know if sendmail 8.12.8 etc fixes the offending
> headers or passes them onto other servers unaltered. This is
> important in deciding how quickly we attend to upgrading sendmail
> inside the campus.

More information about the unisog mailing list