Firewalls: Re: sendmail hole

Firewalls
(February 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: sendmail hole
From:	emwmf @ emw . ericsson . se (Martin Fredriksson)
Date:	Fri, 24 Feb 95 09:13:28 +0100
To:	fc @ all . net
Cc:	firewalls @ greatcircle . com

> Does anyone know what the hole is and how to test for it?
> As usual, I have uploaded the CERT advisory and it tells me
> nothing about how to test for it or what it is (other than a
> newline in the address field causing problems).
> 
> I would very much like to be able to add a test for it to
> our test set. - FC

Is it really profitable to check for a specific hole in sendmail?
Check version number may be ok, but why bother?  sendmail is the
hole, isn't it :-( ?

Don't think CERT wants to publish ways to test for the hole.  Know
I don't want them to.

/// Martin F

Follow-Ups:

Re: sendmail hole
From: Frank Wortner <frank @ prodigy . com>

Indexed By Date	Previous:	Using Linux for a firewall. From: Darren Reed <avalon @ coombs . anu . edu . au>
Indexed By Date	Next:	Re: CD-ROM based bastion (Solaris 2) From: "Simon J. Gerraty" <sjg @ zen . void . oz . au>
Indexed By Thread	Previous:	sendmail hole From: randy @ psg . com (Randy Bush)
Indexed By Thread	Next:	Re: sendmail hole From: Frank Wortner <frank @ prodigy . com>