
[cobalt-users] Security Help: sendmail accept() exploit



Hi,

For Sendmail before 8.10.1 there is a known bug with accept() that involves
a five second sleep to sendmail.  By exploiting this bug, a DoS attack
can be mounted.  It is said to be fixed in version 8.10.1.

I use a Raq2 with Sendmail version 8.9.3.  When can we expect to have an
upgrade or patch from Cobalt addressing this problem?  Thanks.

Some background information from the web:

For the description of sendmail and accept() problem on Linux that
generates the SYSERR messages:

ftp://ftp.sendmail.org/pub/sendmail/KNOWNBUGS

For exploit of the accept() and Sendmail DoS attack with spoofed packets,
with codes:

http://www.safenetworks.com/Linux/smail28.html

For bug fix in Sendmail 8.10.1, search for 'five second sleep':

ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES

Sincerely,

Sammy