Re: linux box compromised: advice needed

From: Bill Unruh (unruh@physics.ubc.ca)
Date: 03/25/02


    From: unruh@physics.ubc.ca (Bill Unruh)
    Date: 25 Mar 2002 20:58:02 GMT
    
    

    In <3C9ED0E1.610E609B@privacy.net> Rob MacGregor <me@privacy.net> writes:

    ]David wrote:

    ]> Also if you need to run a mail server upgrade sendmail to the newest
    ]> version which is "8.12.2" or possibly switch to a more secure MTA like
    ]> qmail or one of the others.

    ]Please don't spread FUD, sendmail is hardly insecure.

    The design of sendmail is suspect-- it is a monolithic suid program.
    Making sure you have caught all possible security faults is difficult,
    as is evidenced by the fact that sendmail is now over 20 years old, and
    still security flaws show up relatively regularly. Less often now than
    before, admittedly.

    ]Take a look at www.securityfocus.com and see how many vulnerabilities are listed.
    ]Sendmail 8.11 lists a whole 3 problems. All require local access - one doesn't
    ]even have any known exploit and another is "only" a DoS. Pretty unlikely to have
    ]been the cause of a *remote* exploit...

    ]The latest version recorded in their database (8.12.1, behind the times) doesn't
    ]even list any vulnerabilities.

    ]Sure, sendmail *used* to be insecure, but that's ancient history.

    Not that ancient, and the design is worrisome.


