Re: Sendmail vulnerability
From: Andrew McNaughton (andrew_at_scoop.co.nz)
Date: 09/21/03
- Previous message: James Raftery: "Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]"
- In reply to: Andrej (Andy) Brodnik: "Re: Sendmail vulnerability"
- Next in thread: Gregory Neil Shapiro: "Re: Sendmail vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 21 Sep 2003 15:05:34 +1200 (NZST) To: "Andrej (Andy) Brodnik" <Andrej.Brodnik@IMFM.Uni-Lj.SI>
On Sat, 20 Sep 2003, Andrej (Andy) Brodnik wrote:
> Date: Sat, 20 Sep 2003 09:20:08 +0200
> From: "Andrej (Andy) Brodnik" <Andrej.Brodnik@IMFM.Uni-Lj.SI>
> To: Andrew McNaughton <andrew@scoop.co.nz>
> Cc: freebsd-security@freebsd.org
> Subject: Re: Sendmail vulnerability
>
> On Thu, Sep 18, 2003 at 04:17:07PM +1200, Andrew McNaughton wrote:
> >
> > I've been using sendmail from ports for some time. I just upgraded
> > to sendmail 8.12.10 by changing the version number in the makefile,
> > then doing `make makesum build deinstall reinstall`.
> >
> > Everything built cleanly, started up ok, accepted a delivery and
> > generally looks oK so far an outgoiand looks ok so far.
>
> And this is OK? I mean does this remove the security problem?
I haven't tested vulnerability directly, but 8.12.10 was brought out after
the exploit was reported in order to address the security issue.
Since my message to the list, the sendmail port has been updated in the
FreeBSD CVS repository in precisely the same way I did it. The CVS update
has the message:
Security update to 8.12.10 Approved by: marcus (portmgr)
You could always check the new sendmail sources yourself.
-- No added Sugar. Not tested on animals. May contain traces of Nuts. If irritation occurs, discontinue use. ------------------------------------------------------------------- Andrew McNaughton Currently in Boomer Bay, Tasmania andrew@scoop.co.nz Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: James Raftery: "Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]"
- In reply to: Andrej (Andy) Brodnik: "Re: Sendmail vulnerability"
- Next in thread: Gregory Neil Shapiro: "Re: Sendmail vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
