[unisog] sendmail vulnerability / impact

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Mar 7 15:21:25 GMT 2003


On Fri, 07 Mar 2003 09:31:37 EST, Robin Anderson <robin at umbc.edu>  said:

> Basically, our CIO is considering lifting the port 25 ban if no one has
> seen activity related to the sendmail hole.  Even evidence of a couple
> compromised systems or broad probes for the hole across multiple sites
> might keep the lockdown in place.  Thanks in advance!

At the recent SANS-EDU, I opined to people: "36 hours till we see an exploit,
and 3 weeks till we see scanning for it".  The LSD crew posted to Bugtraq after
24 hours 30 minutes, and I'm waiting for part two of my prediction.

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20030307/da4170d0/attachment-0007.bin


More information about the unisog mailing list