[170] in bugtraq
Re: udp packet storms - ping death
daemon@ATHENA.MIT.EDU (Bob Kelley)
Fri Nov 4 14:39:54 1994
From: Bob Kelley <bkelley@hpnmcldg.cup.hp.com>
To: bugtraq@fc.net (Bugtraq Mailing List)
Date: Fri, 04 Nov 1994 9:47:03 PST
> > To test this, remove your aliases.pag and aliases.dir and run
> > 'newaliases'. If the files reappear as 666, your sendmail is vulnerable.
> > The default Sun 4.1.3_U1 sendmail is vulnerable and at the time I sent it
> > in, Unicos sendmail was also vulnerable, as well as others, I'm sure.
> >
> > BTW: I sent this to CERT and CIAC over a year ago, and it doesn't appear
> > to be fixed yet (at least not by Sun).
>
> Vendors aim to fix bugs within 15 years of them being reported. Just
> hang on in there and they'll get around to yours...
>
Hi,
It isn't a problem in HP-UX 8.x or 9.x which are the versions that
are supported (or the versions I at least claim to support.) I'm
not claiming that we've addressed all network problems, but I am
trying...in the past year, our HP sendmail has had about 6 patches
covering maybe 60 issues so at this point I think we've addressed
most of the pending sendmail security issues (I'm sure there are plenty
more that I haven't heard of, sendmail being what it is.)
flame away...
Bob Kelley
HP-UX Networking
bkelley@cup.hp.com
