sendmail vulnerability / impact
robin at umbc.edu
Fri Mar 7 14:31:37 GMT 2003

In response to the most recently published sendmail vulnerability, we were
given permission to block inbound port 25 traffic at our ResNet border.
To date, we've only received one complaint about this action, but our CIO
wants us to ask other university security folks about what they have done.
So here goes:

1) Has anyone else summarily blocked port 25 traffic (in or out) for
a) If you have NOT blocked port 25, have you had problems/incidents
relating to the sendmail vulnerability? Do you have a generally
laissez-faire approach to ResNet, or do you try to alert them to new
vulnerabilities, fixes, etc?
b) If you HAVE blocked port 25, do you have any data to support it as a
good decision? (I know it's hard to prove a negative and that "we
haven't been hacked, so it must be working" is sometimes the best we
can offer.) Any complaints?
2) Has anyone seen evidence of the exploit (successful or not) at their
Basically, our CIO is considering lifting the port 25 ban if no one has
seen activity related to the sendmail hole. Even evidence of a couple
compromised systems or broad probes for the hole across multiple sites
might keep the lockdown in place. Thanks in advance!

Robin Anderson Unix SysAdmin, Specialist / Security
Office of Information Technology Univ. of MD, Baltimore County (UMBC)
PGP fingerprint: (resumbc99) 1024/5B5A87A
DA F3 7F 1E D3 75 28 9F 75 7D 6A 0C 10 8D CE 35
"Pulvis et umbra sumus." (We are but dust and shadow.) -- Horace