[unisog] SENDMAIL SECURITY ALERT
Walter G. Aiello
Walter.Aiello at Duke.edu
Tue Mar 4 13:16:22 GMT 2003
The Sun patches are available:
105395-08.tar.Z for Solaris 2.6
107684-08.zip for Solaris 7
110615-08.zip for Solaris 8
After applying the patch, I noticed difficulty in sending mail which appears
to have corrected itself after a time. Nothing in the mail server or client
messages logs indicates the nature of the problem.
Walter G. Aiello, Ph.D.
Manager, Network and Information Services
Magnetic Resonance Research Section
Box 3808, Department of Radiology
Duke University Medical Center
Walter.Aiello at Duke.edu
(919) 684 7519
John Stauffacher wrote:
> Anybody out there having issues compiling 8.12.8 on sunOS 5.6? Looks like
> the new patch broke it. Or it could just be my system. Weirder things have
> John Stauffacher
> Network Administrator
> Chapman University
> stauffacher at chapman.edu
> "I ran out of sick days, so I called in dead"
> "The man who does not read good books has no advantage over the man who
> cannot read them." -Mark Twain (1835-1910)
> "It is from numberless diverse acts of courage and belief that human history
> is shaped. Each time a man stands up for an ideal, or acts to improve the
> lot of others, or strikes out against injustice, he sends forth a tiny
> ripple of hope, and crossing each other from a million different centers of
> energy and daring those ripples build a current which can weep down the
> mightiest walls of oppression and injustice." - Robert F Kennedy
> Pursuant to 47 USC, unsolicited e-mail sent to any of my addresses is
> subject to an archival fee of not less than $500 U.S. per copy. E-mail
> received after any receipt of this notice implies acceptance of these terms.
> A copy of the specific law regarding this activity may be found at
> -----Original Message-----
> From: Peter Ruprecht [mailto:ruprech at jilau1.Colorado.EDU]
> Sent: Monday, March 03, 2003 1:19 PM
> To: mark.borrie at otago.ac.nz
> Cc: unisog at sans.org
> Subject: Re: [unisog] SENDMAIL SECURITY ALERT
>>From the CERT advisory at http://www.cert.org/advisories/CA-2003-07.html:
> "A successful attack against an unpatched sendmail system will not
> leave any messages in the system log. However, on a patched system, an
> attempt to exploit this vulnerability will leave the following log
> Dropped invalid comments from header address
> Although this does not represent conclusive evidence of an attack, it
> may be useful as an indicator.
> A patched sendmail server will drop invalid headers, thus preventing
> downstream servers from receiving them. "
> So it looks like if the message passes through an 8.12.8 server, it should
> be "disinfected".
> Peter Ruprecht
> JILA / University of Colorado
> On Tue, 4 Mar 2003, Mark Borrie wrote:
>>Does anyone know if sendmail 8.12.8 etc fixes the offending
>>headers or passes them onto other servers unaltered. This is
>>important in deciding how quickly we attend to upgrading sendmail
>>inside the campus.
More information about the unisog