Hello,

On Wed, Apr 02, 2003 at 11:21:25PM CEST, Marcin Rosowski wrote:

: ..the guys from the "Security Team" seem to have forgotten about sendmail - on
: the maintainer's page "http://people.debian.org/~cowboy/" you can download
: patched versions immune to the bug recently discovered by Michał Zalewski.
Allow me to spam a little:

----
From: Noah Meyerhans <[EMAIL PROTECTED]>
To: Debian Security List <[email protected]>
Subject: Re: Is there a security update for the new sendmail exploit in woody?
In-Reply-To: <[EMAIL PROTECTED]>

On Wed, Apr 02, 2003 at 07:57:35AM -0700, Tom Clements wrote:
> --Sendmail Users Face Second Major Security Flaw
> (31 March 2003)

Yes, it's on its way.  Expect it very soon.  I think the updated
packages have all (or almost all) completed building.

> Most versions of sendmail do not adequately check the length of
> e-mail addresses, and a carefully crafted address can trigger a
> stack overflow and potentially allow the attacker to take control of
> the system.

Sendmail developers published a patch to address this vulnerability.  If
you can't wait for the new packages, you can always download the source
for the current packages, apply the patch, and build new packages
yourself.  Note that there is no *known* exploit for this vulnerability,
though, and there have been no reports of compromises due to it.  I'm
sure somebody will correct me in short order if I'm sharing outdated
info here.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
: 
: Marcin



PS. Which doesn't change the fact that sendmail is stupid in general, because
it allows sending mails without a body ;< (It's fun how OE and other MUAs
behave then).

-- 
Regards,
TTC

  .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
.:: Tomasz T. Ciaszczyk [ ciacho<at>ciacho.pl ] >> http://ciacho.pl <<
.::
.:: You cannot kill time without injuring eternity.
.:: -- Thoreau
  `-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
