Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): SendmailDebugger ArbitraryCode Execution Vulnerability (fwd)

Tue, 14 Jan 2003 02:13:32 -0800 

Hi

Sorry to be a goon but could I just get this confirmed:

Jeff Lasman wrote

I'm not sure what version of sendmail your server is running.  Mine is
running 8.10.2.

8.10 versions of sendmail and earlier are NOT subject to this exploit.

Additionally, this exploit can only be performed by local users.
so is 8.10.2 classed as an 8.10 release? or is it considered a release after 8.10 and therefore insecure?
I am running 'sendmail-8.10.2-C1' could someone put my mind at rest?

Thanks all.

P.S. There seem to be a couple of raq's getting hacked over the last few weeks, having been in that situation before I know its nothing we want to go through again.

Hows about a thread where we all throw in some ideas to make sure we are all as secure as we can be? All patched-up and aware of the latest threats to our livelyhood etc... just an idea.






From: Jeff Lasman <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)
Date: Tue, 14 Jan 2003 00:57:56 -0800

ProServe - Peter Batenburg wrote:

>
> Is cobalt going to do something about this? Allready 2 exploits have been
> released on the bugtraq mailing list.

I'm not sure what version of sendmail your server is running. Mine is
running 8.10.2.

8.10 versions of sendmail and earlier are NOT subject to this exploit.

Additionally, this exploit can only be performed by local users.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security

_________________________________________________________________
Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security

Reply via email to