Sendmail 8.12.10 (Re: patch your systems - new openssh exploit out)

Rich Braun richb at pioneer.ci.net
Wed Sep 17 23:34:00 EDT 2003


Clint M. Sand <clint at neotrance.dyndns.org> wrote:
> There's a new openssh exploit out. A patch is released for openbsd, and
> OpenSSH 3.7 is now out to address the problem on other platforms (linux)
>
> Just in case it's not obvious, this has huge implications. Upgrade asap.

And while we're on the CERT-advisory upgrade topic, here's the blurb from
www.sendmail.org:

"Sendmail, Inc., and the Sendmail Consortium announce the availability of
sendmail 8.12.10. It contains a fix for a security problem discovered by
Michal Zalewski whom we thank for bringing this problem to our attention. We
also want to thank Todd C. Miller for providing a patch. sendmail 8.12.10 also
includes fixes for other potential problems, see the release notes below for
more details. Sendmail urges all users to either upgrade to sendmail 8.12.10
or apply a patch."

Ugh.  I just got through installing and tweaking about 40 apps.  Then a guy
named Zalewski hit the speed-up button on my upgrade treadmill...  Ugh. 
Someone here said I should be using postfix.  Not bad advice, I guess.  ;-) 
And I did say "next time a CERT advisory comes out", that I'd be revisiting
the topic.  Looking at the BLU archives, we just had this discussion a mere 15
days ago!

Someone else mentioned a cool tool for keeping tabs on CERT advisories, one
which automatically compares them with the installed apps on a Suse system and
gives a signal.  What's the name of that tool?  (Not that I necessarily want
to ask the question "How high?" the minute a cracker says "Jump!")

-rich