> Does anyone have more info on the sendmail vulnerability announced by
> CERT yesterday?
Why, as a matter of fact...
The bug is a variation of an older one; basically by manipulating the
headers you can execute a command remotely. I don't know how your setup
forwards mail, but if you just pump all the mail to a internal spot that
then processes it, I suppose it could be affected (and certainly if you
use sendmail to forward the stuff.)
A couple of other details; as far as I know, when the bug is exploited,
or is attempted, a note will go to the postmaster, so if you see some
suspicious mail (you'd know when you saw it, believe me :-)) I'm not
sure if this is a strictly sun thing, but I suspect we did this one
all by ourselves. I'll be sending some stuff to berkeley, however,
just to be sure.
-- d
Follow-Ups:
|
|
