ne. Prosto si podgotvi tezi neshta: * mp4 config failovete ot devtools/Site
* sendmail.mc faila (m4 versiata na sendmail.cf) slagash failovete v direktoriata na unpacknatia Sendmail, posle otivash v direktoria sendmail/ i pishesh "sh Build" kopirash sendmail.mc faila v direktoria cf/cf/ posle puskash "sh Build sendmail.cf" i "sh Build install-cf" otivash pak v direktoria sendmail/ "sh Build install". Tova e. Puskash novia sendmail i posle svobodno si buildvash toolchetata (kato makemap i drugi), za da gi upgradish ako sa se promenili. Estestveno vinagi mozhe da instalirash ot packet - rpm, tgz, deb. Za slackware - www.linuxpackages.net ima go veche Sendmail na tgz. ----- Original Message ----- From: "Todor.lazarov [SysAdmin]" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 04, 2003 3:23 PM Subject: lug-bg: Отг: Re: Re[2]: lug-bg: sendmail <8.12.8 vulnerable > Абе за по-сигорно, ще се upgretna до 8.12.8 > Само един въпрос ??? > > До сега sendmail съм го инсталирал и конфигурирал по > това ръководство: http://www.lcpe.uni-sofia.bg/linuxdoc/sendmail/install.txt > > Благодаря на Веселин за това. > > Но при update нужно ли е всичко да се изпълнява > говоря за т.1 до т.13 от Самата инсталация. > > --------- Оригинално съобщение -------- > От: [EMAIL PROTECTED] > До: [EMAIL PROTECTED] <[EMAIL PROTECTED]> > Тема: Re: Re[2]: lug-bg: sendmail <8.12.8 vulnerable > Дата: 04/03/03 10:25 > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On Tuesday 04 Mar 2003 12:17, Todor Lazarov wrote: > > > > > > Сериозен ли е проблема ??? > > > > Eto opisanieto na problema, pri tova e napisano mnogo po-razbrano > > ot kolkoto CERT sa go napravili. Niakoi hora v CERT (osobeno redaktorite) > > sa tzare na neiasnata misal:) > > > > > > - --> > > > > Security Advisory - RHSA-2003:073-06 > > - > -------------------------------------------------------------------------- ---- > > Summary: > > Updated sendmail packages fix critical security issues > > > > Updated Sendmail packages are available to fix a vulnerability that > > may allow remote attackers to gain root privileges by sending a > > carefully crafted message. > > > > These packages also fix a security bug if sendmail is configured to use > smrsh. > > > > Description: > > Sendmail is a widely used Mail Transport Agent (MTA) which is included > > in all Red Hat Linux distributions. > > > > During a code audit of Sendmail by ISS, a critical vulnerability was > > uncovered that affects unpatched versions of Sendmail prior to version > > 8.12.8. A remote attacker can send a carefully crafted email message > > which, when processed by sendmail, causes arbitrary code to be > > executed as root. > > > > We are advised that a proof-of-concept exploit is known to exist, but > > is not believed to be in the wild. > > > > Since this is a message-based vulnerability, MTAs other than Sendmail > > may pass on the carefully crafted message. This means that unpatched > > versions of Sendmail inside a network could still be at risk even if > > they do not accept external connections directly. > > > > In addition, the restricted shell (SMRSH) in Sendmail allows attackers to > > bypass the intended restrictions of smrsh by inserting additional commands > > after "||" sequences or "/" characters, which are not > properly filtered or > > verified. A sucessful attack would allow an attacker who has a local > > account on a system which has explicitly enabled smrsh to execute > arbitrary > > binaries as themselves by utilizing their .forward file. > > > > All users are advised to update to these erratum packages. For Red Hat > > Linux 8.0 we have included Sendmail version 8.12.8 which is not vulnerable > > to these issues. For all other distributions we have included a > backported > > patch which corrects these vulnerabilities. > > > > Red Hat would like to thank Eric Allman for his assistance with this > > vulnerability. > > > > References: > > http://www.cert.org/advisories/CA-2003-07.html > > http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274 > > - > -------------------------------------------------------------------------- ---- > > > > - ------------- > > Taking Action > > - ------------- > > You may address the issues outlined in this advisory in two ways: > > > > - select your server name by clicking on its name from the list > > available at the following location, and then schedule an > > errata update for it: > > https://rhn.redhat.com/network/systemlist/system_list.pxt > > > > - run the Update Agent on each affected server. > > > > > > - --------------------------------- > > Changing Notification Preferences > > - --------------------------------- > > To enable/disable your Errata Alert preferences globally please log in to > RHN > > and navigate from "Your RHN" / "Your Account" to the > "Preferences" tab. > > > > URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt > > > > You can also enable/disable notification on a per system basis by > selecting an > > individual system from the "Systems List". From the individual > system view > > click the "Details" tab. > > > > > > - ---------------- > > Affected Systems > > - ---------------- > > According to our records, this errata may apply to one or more of the > > systems that you've profiled with Red Hat Network. To see precisely which > > systems are affected, please go to: > > https://rhn.redhat.com/network/errata/systems_affected.pxt?eid=1504 > > > > > > > > The Red Hat Network Team > > > > This message is being sent by Red Hat Network Alert to: > > RHN user login: vlk_at_lcpe > > Email address on file: <[EMAIL PROTECTED]> > > > > If you lost your RHN password, you can use the information above to > > retrieve it by email from the following address: > > https://rhn.redhat.com/forgot_password.pxt > > > > To cancel these notices, go to: > > https://rhn.redhat.com/oo.pxt?uid=1793678&oid=2352664 > > > > - --> > > > > Pozdravi > > Vesselin Kolev > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.2.1 (GNU/Linux) > > > > iD8DBQE+ZHVh+48lZPXaa+MRAoOEAKDu02pwcCSH8oHuAA/sy84ai3JaIQCfZf2a > > s5lGGjxbjHlNvCrgEmAXrJk= > > =Yn1d > > -----END PGP SIGNATURE----- > > > > > ============================================================================ > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara > Zagora > > To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > > > ============================================================================ > > > ________________________________________________ > Message sent using UebiMiau 2.7.2 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ============================================================================ > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora > To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > ============================================================================ ============================================================================ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html ============================================================================
