[unisog] SENDMAIL SECURITY ALERT

David Foster foster at dim.ucsd.edu
Tue Mar 4 18:14:09 GMT 2003


Did you restart sendmail after applying the patches? If not
then that is probably the problem here.

Dave Foster

> 
> Greetings, all:
> 
> The Sun patches are available:
> 105395-08.tar.Z   for Solaris 2.6
> 107684-08.zip     for Solaris 7
> 110615-08.zip     for Solaris 8
> 
> After applying the patch, I noticed difficulty in sending mail which appears
> to have corrected itself after a time. Nothing in the mail server or client
> messages logs indicates the nature of the problem.
> 
> Best regards,
> 
> -- 
> Walter G. Aiello, Ph.D.
> Manager, Network and Information Services
> Magnetic Resonance Research Section
> Box 3808, Department of Radiology
> Duke University Medical Center
> 
> Walter.Aiello at Duke.edu
> (919) 684 7519
> 
> John Stauffacher wrote:
> > Anybody out there having issues compiling 8.12.8 on SunOS 5.6? Looks like
> > the new patch broke it. Or it could just be my system. Weirder things have
> > happened.
> > 
> > ++
> > John Stauffacher
> > Network Administrator
> > Chapman University
> > stauffacher at chapman.edu
> > 714.628.7249
> > "I ran out of sick days, so I called in dead" 
> >  
> > "The man who does not read good books has no advantage over the man who
> > cannot read them." -Mark Twain  (1835-1910)
> > 
> > "It is from numberless diverse acts of courage and belief that human history
> > is shaped. Each time a man stands up for an ideal, or acts to improve the
> > lot of others, or strikes out against injustice, he sends forth a tiny
> > ripple of hope, and crossing each other from a million different centers of
> > energy and daring those ripples build a current which can sweep down the
> > mightiest walls of oppression and injustice." - Robert F Kennedy
> > 
> > ============================================
> > Pursuant to 47 USC, unsolicited e-mail sent to any of my addresses is
> > subject to an archival fee of not less than $500 U.S. per copy. E-mail
> > received after any receipt of this notice implies acceptance of these terms.
> > A copy of the specific law regarding this activity may be found at
> > http://www.law.cornell.edu/uscode/47/227.shtml
> > 
> > 
> > -----Original Message-----
> > From: Peter Ruprecht [mailto:ruprech at jilau1.Colorado.EDU] 
> > Sent: Monday, March 03, 2003 1:19 PM
> > To: mark.borrie at otago.ac.nz
> > Cc: unisog at sans.org
> > Subject: Re: [unisog] SENDMAIL SECURITY ALERT
> > 
> > 
> > From the CERT advisory at http://www.cert.org/advisories/CA-2003-07.html:
> > 
> > "A successful attack against an unpatched sendmail system will not
> > leave any messages in the system log. However, on a patched system, an
> > attempt to exploit this vulnerability will leave the following log
> > message:
> > 
> > Dropped invalid comments from header address
> > 
> > Although this does not represent conclusive evidence of an attack, it
> > may be useful as an indicator.
> > 
> > A patched sendmail server will drop invalid headers, thus preventing
> > downstream servers from receiving them."
> > 
> > So it looks like if the message passes through an 8.12.8 server, it should
> > be "disinfected".
> > 
> > Peter Ruprecht
> > JILA / University of Colorado
> > 
> > On Tue, 4 Mar 2003, Mark Borrie wrote:
> > 
> > 
> >>Does anyone know if sendmail 8.12.8 etc fixes the offending
> >>headers or passes them onto other servers unaltered. This is
> >>important in deciding how quickly we attend to upgrading sendmail
> >>inside the campus.


   << All opinions expressed are mine, not the University's >>

  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   David Foster    National Center for Microscopy and Imaging Research
    Programmer/Analyst     University of California, San Diego
    dfoster at ucsd.edu       Department of Neuroscience, Mail 0608
    (858) 534-7968         http://ncmir.ucsd.edu/
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   "The reasonable man adapts himself to the world; the unreasonable one
   persists in trying to adapt the world to himself.  Therefore, all progress
   depends on the unreasonable."   -- George Bernard Shaw
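
The CERT text quoted in this thread names one log message that a patched server writes when it drops an invalid header. The following added example (not code from the thread, from CERT, or from sendmail) scans mail log lines for that message and ties each hit to the relay that submitted it. The line layout, the queue ids, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Log text quoted in the CERT advisory (CA-2003-07) for patched servers.
INDICATOR = "Dropped invalid comments from header address"

# Assumed line layout: "<syslog time> <host> sendmail[<pid>]: <queue id>: <text>"
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
                     r"sendmail\[\d+\]:\s(?P<qid>\w+):\s(?P<text>.*)$")
RELAY_RE = re.compile(r"\brelay=(?P<relay>[^,]+)")

# Constructed sample lines (documentation addresses, made-up queue ids).
SAMPLE_LOG = """\
Mar  4 10:02:11 mx1 sendmail[2301]: h24I2Ax02301: from=<a@example.org>, size=912, nrcpts=1, relay=mail.example.org [192.0.2.10]
Mar  4 10:02:11 mx1 sendmail[2301]: h24I2Ax02301: to=<b@example.edu>, mailer=local, stat=Sent
Mar  4 10:05:40 mx1 sendmail[2317]: h24I5ex02317: Dropped invalid comments from header address
Mar  4 10:05:40 mx1 sendmail[2317]: h24I5ex02317: from=<c@example.net>, size=4410, nrcpts=1, relay=[198.51.100.7]
Mar  4 10:06:02 mx1 sendmail[2320]: h24I62x02320: Dropped invalid comments from header address
Mar  4 10:06:02 mx1 sendmail[2320]: h24I62x02320: from=<d@example.net>, size=4410, nrcpts=1, relay=[198.51.100.7]
Mar  4 10:07:00 mx1 cron[411]: job started
Mar  4 10:09:15 mx1 sendmail[2333]: h24I9Fx02333: Dropped invalid comments from header address
"""

def find_indicator_hits(lines):
    """Return (time, host, queue id, relay) for each message that logged the indicator."""
    relay_of = {}   # (host, qid) -> relay taken from that message's from= line
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # not a sendmail queue-id line
        key = (m["host"], m["qid"])
        if INDICATOR in m["text"]:
            hits.append((m["ts"], *key))
        elif m["text"].startswith("from="):
            r = RELAY_RE.search(m["text"])
            if r:
                relay_of[key] = r["relay"].strip()
    # Resolve relays after the full pass: the from= line may follow the warning.
    return [(ts, host, qid, relay_of.get((host, qid), "unknown"))
            for ts, host, qid in hits]

def hits_per_relay(lines):
    """Count indicator hits by sending relay, to show where the headers came from."""
    return Counter(hit[3] for hit in find_indicator_hits(lines))

if __name__ == "__main__":
    for hit in find_indicator_hits(SAMPLE_LOG.splitlines()):
        print(*hit, sep="  ")
```

A hit with relay "unknown" means the matching from= line was not in the lines scanned, for example because the log was rotated between the two entries.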


