[TriLUG] Critical sendmail vulnerability

Jeremy Portzer jeremyp at pobox.com
Mon Mar 3 15:38:06 EST 2003


On Mon, 2003-03-03 at 13:10, Jeremy Portzer wrote:
> Sendmail has *yet* another remote-root vulnerability discovered
> recently.   For details see
> 
> http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
> 
> An excerpt from that advisory reads, "This vulnerability
> is especially dangerous because the exploit can be delivered within an
> email message and the attacker doesn't need any specific knowledge of
> the target to launch a successful attack."
> 
> Red Hat has released errata packages here:
> https://rhn.redhat.com/errata/RHSA-2003-073.html
> 
> Mandrake doesn't appear to have packages yet but I presume they and
> other vendors will create some soon.

Mandrake has now released errata packages, available here:

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:028

I haven't seen evidence of a Debian announcement yet.  Strange because
they are usually pretty fast.

> I'm working on syncing the TriLUG servers so the Red Hat updates should
> be available soon there, for those of you using apt or current on the
> TriLUG mirrors.

The TriLUG apt for rpm repository is now updated; the current server
should be updated by tomorrow AM.

--Jeremy



