[unisog] SENDMAIL SECURITY ALERT

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Wed Mar 5 03:10:25 GMT 2003


http://news.com.com/2100-1002-991041.html

"A group of four Polish hackers published code to an open security mailing 
list on Tuesday that can take advantage of a major vulnerability in the 
Sendmail mail server.
 
The code, released less than a day after the  Sendmail flaw's public 
announcement, allows an attacker to remotely exploit a Red Hat or 
Slackware Linux computer running a vulnerable version of the mail server, 
the group--known as the Last Stage of Delirium--stated in the analysis 
that accompanied the code. "

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================





"Bill Martin" <bmartin at luc.edu>
03/04/2003 08:12 PM

 
        To:     <r.fulton at auckland.ac.nz>
        cc:     <unisog at sans.org>
        Subject:        Re: [unisog] SENDMAIL SECURITY ALERT


Russell,

It would seem to me that the exploit would be available considering the 
vuln alert had to be based on something :-).  Or, are you referring to 
this now being confirmed in the wild?

-Bill Martin-
Sr. Systems Analyst
Loyola University Chicago
bmartin at luc.edu

>>> Russell Fulton <r.fulton at auckland.ac.nz> 03/04/03 01:18PM >>>
We have just had information from Symantec that exploits are available.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin







More information about the unisog mailing list