I really appreciate email like this! I've patched and restarted sendmail on one of the co-located servers I manage part-time. As everyone knows, security really doesn't happen "part-time," so notes like this help me be more effective.
Thanks again. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Portzer > Sent: Monday, March 03, 2003 1:11 PM > To: TriLUG List > Subject: [TriLUG] Critical sendmail vulnerability > > > Sendmail has *yet* another remote-root vulnerability discovered > recently. For details see > http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 An excerpt from that advisory reads, "This vulnerability is especially dangerous because the exploit can be delivered within an email message and the attacker doesn't need any specific knowledge of the target to launch a successful attack." Red Hat has released errata packages here: https://rhn.redhat.com/errata/RHSA-2003-073.html Mandrake doesn't appear to have packages yet but I presume they and other vendors will create some soon. I'm working on syncing the TriLUG servers so the Red Hat updates should be available soon there, for those of you using apt or current on the TriLUG mirrors. --Jeremy Portzer _______________________________________________ TriLUG mailing list http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html _______________________________________________ TriLUG mailing list http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
