[unisog] SENDMAIL SECURITY ALERT

John Stauffacher stauffacher at chapman.edu
Tue Mar 4 00:18:21 GMT 2003


Anybody out there having issues compiling 8.12.8 on sunOS 5.6? Looks like
the new patch broke it. Or it could just be my system. Weirder things have
happened.

++
John Stauffacher
Network Administrator
Chapman University
stauffacher at chapman.edu
714.628.7249
"I ran out of sick days, so I called in dead" 
 
"The man who does not read good books has no advantage over the man who
cannot read them." -Mark Twain  (1835-1910)

"It is from numberless diverse acts of courage and belief that human history
is shaped. Each time a man stands up for an ideal, or acts to improve the
lot of others, or strikes out against injustice, he sends forth a tiny
ripple of hope, and crossing each other from a million different centers of
energy and daring those ripples build a current which can sweep down the
mightiest walls of oppression and injustice." - Robert F Kennedy

============================================
Pursuant to 47 USC, unsolicited e-mail sent to any of my addresses is
subject to an archival fee of not less than $500 U.S. per copy. E-mail
received after any receipt of this notice implies acceptance of these terms.
A copy of the specific law regarding this activity may be found at
http://www.law.cornell.edu/uscode/47/227.shtml


-----Original Message-----
From: Peter Ruprecht [mailto:ruprech at jilau1.Colorado.EDU] 
Sent: Monday, March 03, 2003 1:19 PM
To: mark.borrie at otago.ac.nz
Cc: unisog at sans.org
Subject: Re: [unisog] SENDMAIL SECURITY ALERT


From the CERT advisory at http://www.cert.org/advisories/CA-2003-07.html:

"A successful attack against an unpatched sendmail system will not
leave any messages in the system log. However, on a patched system, an
attempt to exploit this vulnerability will leave the following log
message:

Dropped invalid comments from header address

Although this does not represent conclusive evidence of an attack, it
may be useful as an indicator.

A patched sendmail server will drop invalid headers, thus preventing
downstream servers from receiving them. "

So it looks like if the message passes through an 8.12.8 server, it should
be "disinfected".

Peter Ruprecht
JILA / University of Colorado

On Tue, 4 Mar 2003, Mark Borrie wrote:

>
> Does anyone know if sendmail 8.12.8 etc fixes the offending
> headers or passes them onto other servers unaltered. This is
> important in deciding how quickly we attend to upgrading sendmail
> inside the campus.
>
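
The indicator CERT describes above, turned into a small log check. This is an added example, not code from the thread, from CERT or from sendmail; the syslog line layout and the sample entries are constructed assumptions, and the check only surfaces attempts against an already patched relay, since an unpatched one logs nothing.

```python
import re
from collections import defaultdict

# Constructed sample sendmail syslog lines (not taken from the thread).
# Assumed format: "<date> <host> sendmail[<pid>]: <queue-id>: <message>".
SAMPLE_LOG = """\
Mar  3 13:17:02 mx1 sendmail[2101]: h23KH2e02101: from=<alice@example.org>, size=1422, class=0, nrcpts=1, proto=ESMTP, relay=mail.example.org [192.0.2.10]
Mar  3 13:17:02 mx1 sendmail[2101]: h23KH2e02101: to=<bob@campus.example>, delay=00:00:01, mailer=local, stat=Sent
Mar  3 13:19:44 mx1 sendmail[2188]: h23KJie02188: from=<>, size=65530, class=0, nrcpts=1, proto=SMTP, relay=[198.51.100.7]
Mar  3 13:19:44 mx1 sendmail[2188]: h23KJie02188: Dropped invalid comments from header address
Mar  3 13:19:45 mx1 sendmail[2188]: h23KJie02188: to=<bob@campus.example>, delay=00:00:01, mailer=local, stat=Sent
Mar  3 13:22:10 mx1 sendmail[2250]: h23KMAe02250: from=<carol@example.net>, size=2048, class=0, nrcpts=1, proto=ESMTP, relay=smtp.example.net [203.0.113.5]
Mar  3 13:22:10 mx1 sendmail[2250]: h23KMAe02250: Dropped invalid comments from header address
"""

# The exact message CERT CA-2003-07 says a *patched* sendmail logs; an
# unpatched host logs nothing, so silence is not evidence of safety.
INDICATOR = "Dropped invalid comments from header address"

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: "
    r"(?P<qid>\w+): (?P<msg>.*)$"
)
RELAY_RE = re.compile(r"relay=(?P<relay>\S+(?: \[[^\]]+\])?)")


def find_dropped_comment_events(log_text):
    """One record per queue id that logged the indicator, joined with the
    relay= value from that message's from= line so the sender can be reviewed."""
    relays = {}                 # queue id -> relay host/IP from the from= line
    hits = defaultdict(list)    # queue id -> timestamps of indicator lines
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # not a sendmail line in the assumed format
        qid, msg = m.group("qid"), m.group("msg")
        if msg.startswith("from="):
            r = RELAY_RE.search(msg)
            relays[qid] = r.group("relay") if r else None
        elif msg == INDICATOR:
            hits[qid].append(m.group("ts"))
    return [
        {"qid": qid, "first_seen": ts[0], "count": len(ts),
         "relay": relays.get(qid)}
        for qid, ts in hits.items()
    ]
```

Calling `find_dropped_comment_events(SAMPLE_LOG)` on the constructed log returns two records, one per message whose headers were disinfected, each carrying the relay that handed the message in; the advisory treats this as an indicator to review, not proof of an attack.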


