Sendmail vulnerability
Andrew McNaughton
andrew at scoop.co.nz
Sat Sep 20 20:05:37 PDT 2003
On Sat, 20 Sep 2003, Andrej (Andy) Brodnik wrote:
> Date: Sat, 20 Sep 2003 09:20:08 +0200
> From: "Andrej (Andy) Brodnik" <Andrej.Brodnik at IMFM.Uni-Lj.SI>
> To: Andrew McNaughton <andrew at scoop.co.nz>
> Cc: freebsd-security at freebsd.org
> Subject: Re: Sendmail vulnerability
>
> On Thu, Sep 18, 2003 at 04:17:07PM +1200, Andrew McNaughton wrote:
> >
> > I've been using sendmail from ports for some time. I just upgraded
> > to sendmail 8.12.10 by changing the version number in the makefile,
> > then doing `make makesum build deinstall reinstall`.
> >
> > Everything built cleanly, started up ok, accepted a delivery and
> > generally looks oK so far an outgoiand looks ok so far.
>
> And this is OK? I mean does this remove the security problem?
I haven't tested vulnerability directly, but 8.12.10 was brought out after
the exploit was reported in order to address the security issue.
Since my message to the list, the sendmail port has been updated in the
FreeBSD CVS repository in precisely the same way I did it. The CVS update
has the message:
Security update to 8.12.10 Approved by: marcus (portmgr)
You could always check the new sendmail sources yourself.
--
No added Sugar. Not tested on animals. May contain traces of Nuts. If
irritation occurs, discontinue use.
-------------------------------------------------------------------
Andrew McNaughton Currently in Boomer Bay, Tasmania
andrew at scoop.co.nz
Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc
More information about the freebsd-security
mailing list