Nonetheless, Jeremy gets extreme cool points for posting the " heads up" on the list.
Reginald Reed wrote:
I really appreciate email like this! I've patched and restarted
sendmail on one of the co-located servers I manage part-time. As
everyone knows, security really doesn't happen "part-time," so notes
like this help me be more effective.
Thanks again.-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jeremy Portzer
Sent: Monday, March 03, 2003 1:11 PM
To: TriLUG List
Subject: [TriLUG] Critical sendmail vulnerability
Sendmail has *yet* another remote-root vulnerability discovered
recently. For details seehttp://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
An excerpt from that advisory reads, "This vulnerability
is especially dangerous because the exploit can be delivered within an
email message and the attacker doesn't need any specific knowledge of
the target to launch a successful attack."
Red Hat has released errata packages here:
https://rhn.redhat.com/errata/RHSA-2003-073.html
Mandrake doesn't appear to have packages yet but I presume they and
other vendors will create some soon.
I'm working on syncing the TriLUG servers so the Red Hat updates should
be available soon there, for those of you using apt or current on the
TriLUG mirrors.
--Jeremy Portzer
_______________ ________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ:
http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ:
http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
--
JoJo Almario Network Administrator Intrah /UNC School of Medicine Office - 919-843-5145 Fax - 919-966-6816 [EMAIL PROTECTED]
