sendmail remote exploit!

Dagmar d'Surreal dagmar.wants at
Mon Mar 3 19:10:59 PST 2003

On Mon, 2003-03-03 at 16:10, Sam Halliday wrote:
> Sendmail users please update!
> The install should agree with the current hint and BLFS versions.
> Yet again, LFS should not be affected as badly as most distros, since we
> all run sendmail setuid 'smmsp', right? ;-)

...or smmta.  It'll take some time to be 100% sure about that, but that
was one of the first things I thought of as I was reading the ISS
report.  It's been said before that these companies are in the buisness
of scaring customers into coughing up dough, but I still think it's
fairly tacky to try and paint every hole as if it's exploitation were
always a worst-case scenario.  
The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact nfo: AIM: evilDagmar  Jabber: evilDagmar at

Unsubscribe: send email to listar at
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list