sendmail remote exploit!

Dagmar d'Surreal dagmar.wants at nospam.com
Mon Mar 3 19:10:59 PST 2003


On Mon, 2003-03-03 at 16:10, Sam Halliday wrote:
> Sendmail users please update!
> 
> http://www.sendmail.org/8.12.8.html
> 
> The install should agree with the current hint and BLFS versions.
> 
> Yet again, LFS should not be affected as badly as most distros, since we
> all run sendmail setuid 'smmsp', right? ;-)

...or smmta.  It'll take some time to be 100% sure about that, but that
was one of the first things I thought of as I was reading the ISS
report.  It's been said before that these companies are in the buisness
of scaring customers into coughing up dough, but I still think it's
fairly tacky to try and paint every hole as if it's exploitation were
always a worst-case scenario.  
-- 
The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact nfo: AIM: evilDagmar  Jabber: evilDagmar at jabber.org

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list