[cobalt-users] Re: RPMS from Sun for sendmail vulnerability

[Peter Frederick <pfred@xxxxxxxxx>]

On Wed, 5 Mar 2003 10:53:08 -0800, you wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>FYI - It appears that the S/RPMS which will eventually be released in 
>PKG form are now on the FTP server:
>
>ftp://ftp-eng.cobalt.com/pub/experimental/security/sendmail
>
>Nothing for the MIPS boxes though...

They posted onto the Forum's late yesterday - Qube3 and Raq. I don't know
why they didn't post the same message onto the email list - oh well!!

After following some of the discussions it would appear that the temporary
fix proposed may cause trouble. People complained that their configuration
became broken. Restoring sendmail.cf files fixed a number of these
problems. Seemed to me like somehow the config file was being overwritten.

Me - I used Solarspeeds yesterday for the Qube3 - it was painless, can be
uninstalled when a proper distribution becomes available. I don't see any
reason to tamper with a working system for now.

I know this information has been on the security list already but I haven't
seen it here. 

QUOTE

http://zdnet.com.com/2100-1105-991041.html

Hackers' code exploits Sendmail flaw

A group of four Polish hackers published code to an open security mailing 
list on Tuesday that can take advantage of a major vulnerability in the 
Sendmail mail server.

If you go to the zdnet article you can read all about it. The original post
by the Polish Hackers to Bugtraq (with code) can be found here:

http://www.securityfocus.com/archive/1/313757


-- 
Peter Frederick
MIS Director, Indiana Packers Corp, Delphi IN
Phone: (765) 564-9705   Fax: (765) 564-3684
Work: pfred@xxxxxxxxx   (Qube3 Professional running 6.4)
============================================================================
'Tis better to light one candle than to curse the darkness a thousand times!