sendmail remote exploit!
dagmar.wants at nospam.com
Mon Mar 3 19:10:59 PST 2003
On Mon, 2003-03-03 at 16:10, Sam Halliday wrote:
> Sendmail users please update!
> The install should agree with the current hint and BLFS versions.
> Yet again, LFS should not be affected as badly as most distros, since we
> all run sendmail setuid 'smmsp', right? ;-)
...or smmta. It'll take some time to be 100% sure about that, but that
was one of the first things I thought of as I was reading the ISS
report. It's been said before that these companies are in the buisness
of scaring customers into coughing up dough, but I still think it's
fairly tacky to try and paint every hole as if it's exploitation were
always a worst-case scenario.
The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact nfo: AIM: evilDagmar Jabber: evilDagmar at jabber.org
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
More information about the lfs-security