[TriLUG] Critical sendmail vulnerability
Jeremy Portzer
jeremyp at pobox.com
Mon Mar 3 15:38:06 EST 2003
On Mon, 2003-03-03 at 13:10, Jeremy Portzer wrote:
> Sendmail has *yet* another remote-root vulnerability discovered
> recently. For details see
>
> http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
>
> An excerpt from that advisory reads, "This vulnerability
> is especially dangerous because the exploit can be delivered within an
> email message and the attacker doesn't need any specific knowledge of
> the target to launch a successful attack."
>
> Red Hat has released errata packages here:
> https://rhn.redhat.com/errata/RHSA-2003-073.html
>
> Mandrake doesn't appear to have packages yet but I presume they and
> other vendors will create some soon.
Mandrake has now released errata packages, available here:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:028
I haven't seen evidence of a Debian announcement yet. Strange because
they are usually pretty fast.
> I'm working on syncing the TriLUG servers so the Red Hat updates should
> be available soon there, for those of you using apt or current on the
> TriLUG mirrors.
The TriLUG apt for rpm repository is now updated; the current server
should be updated by tomorrow AM.
--Jeremy
More information about the TriLUG
mailing list