[239] in linux-announce channel archive


Sendmail Security Alert

daemon@ATHENA.MIT.EDU (Lars Wirzenius)
Sat Feb 25 12:37:50 1995

Date: Sat, 25 Feb 1995 18:20:34 +0200
From: Lars Wirzenius <wirzeniu@cc.helsinki.fi>
To: linux-activists@niksula.hut.fi, linux-announce@vger.rutgers.edu

X-Mn-Key: announce

From: lee@netspace.students.brown.edu (Lee Silverman)
Subject: Sendmail Security Alert
Organization: Brown University
Summary: sendmail 8.6.10 fixes bugs
Keywords: sendmail 8.6.10 CERT security alert
Newsgroups: comp.os.linux.announce
Approved: linux-announce@tc.cornell.edu (Lars Wirzenius)
Followup-to: comp.os.linux.networking

	CERT has just issued an emergency alert about sendmail 8.6.9 and 
earlier.  Apparently, the ident support in these versions of sendmail 
allowed an attacker to read any file on your system.  Next time you see 
someone who says that every hole in sendmail has been found, you can 
stick out your tongue and make funny faces at them.

	Anyway, a patch that'll take you from 8.6.9 to 8.6.10 has been
made available by Eric Allman.  I have applied this patch to the stock
sendmail source for 8.6.9, and have made available the resulting sendmail
binary, which you can use to replace your existing sendmail binary as
/usr/sbin/sendmail.  You don't need to change your sendmail.cf files if
you're migrating from 8.6.9 to 8.6.10.  The patch is also included in the
tar file. 

	The compiled version is available at:

ftp://ftp.netspace.org/pub/Software/Unix/sendmail.8.6.10.linux-bin.tgz

Just in case you feel like verifying that the patch and binary are legit:
MD5 (sendmail.8.6.10.patch) = 08d6f977c171ea858f1e940163212c3a
MD5 (src/sendmail) = 44afe33fd2e9fe816c5318a6f4a76068

(you can check the stamp of the patch against that published in the CERT
advisory).

--
Lee Silverman, Brown class of '94, Brown GeoPhysics ScM '95
Email to: Lee_Silverman@brown.edu
Phish-Net Archivist: phish-archives@phish.net
"Nonsense - you only say it's impossible because nobody's ever done it."

--
Send submissions for comp.os.linux.announce to: linux-announce@news.ornl.gov
PLEASE remember Keywords: and a short description of the software.
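
The checksum comparison suggested in the post, as an added example that is not part of the original message: Python code that parses `MD5 (file) = digest` lines in the format shown above and checks files on disk against them. The function names and the sample files are assumptions constructed for illustration; the real patch and binary are not included.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# BSD-style digest line, the format used in the post: "MD5 (name) = <32 hex digits>"
BSD_MD5 = re.compile(r"^MD5 \((?P<name>.+)\) = (?P<digest>[0-9a-fA-F]{32})$")

def parse_manifest(text):
    """Return {filename: lowercase hex digest}; lines in any other format are skipped."""
    entries = {}
    for line in text.splitlines():
        m = BSD_MD5.match(line.strip())
        if m:
            entries[m.group("name")] = m.group("digest").lower()
    return entries

def md5_of(path, chunk_size=65536):
    """Hash the file in chunks so a large binary is never read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest_text, base_dir):
    """Map each listed file to 'OK', 'MISMATCH' or 'MISSING', resolved under base_dir."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(base_dir) / name
        if not path.is_file():
            results[name] = "MISSING"
        elif hmac.compare_digest(md5_of(path), expected):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

if __name__ == "__main__":
    # Constructed sample: stand-in files, not the real sendmail patch or binary.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "sample.patch").write_bytes(b"constructed patch contents\n")
        good = hashlib.md5(b"constructed patch contents\n").hexdigest()
        manifest = f"MD5 (sample.patch) = {good}\nMD5 (src/sample-bin) = {'0' * 32}\n"
        for name, status in verify(manifest, d).items():
            print(f"{name}: {status}")
```

The expected digests should come from a source independent of the download site, which is why the post points to the CERT advisory. MD5 is used here only because it is what the post published; it is no longer collision resistant, so current releases are better checked against a SHA-256 digest or a signature.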

