Results 1 to 3 of 3
  1. #1
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003

    Sendmail critical security problem

    from sendmail.org

    Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.12.9. It contains a fix for a critical security problem discovered by Michal Zalewski whom we thank for bringing this problem to our attention. Sendmail urges all users to either upgrade to sendmail 8.12.9 or apply a patch for your sendmail version. Remember to check the PGP signatures of patches or releases obtained via FTP or HTTP (to check the correctness of the patches in this announcement please verify the PGP signature of it). For those not running the open source version, check with your vendor for a patch.

    yes, this is a new version 3/29/03 to fix a different problem

    also see CERTŪ Advisory CA-2003-12 Buffer Overflow in Sendmail
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Unfortunately as of the time of writing, Redhat haven't yet released an updated package.

    I am really getting pissed off with Sendmail as it has the most vulnerabilities of any package ever. In its long and proud history, it's hosted at least two worms (the first one in 1988) and countless remote exploits in the wild. There is no evidence that this trend is going to stop.

    Sadly my production environment currently uses Sendmail, for no other reason than it's the stock Redhat MTA. In the few months I've been running this system, this is the second time a remote vulnerability has come out for Sendmail.

    I have used Qmail and Exim in the past. I am now considering moving to one of those for my production systems.

  3. #3
    Senior Member
    Join Date
    Sep 2001
    might i suggest postfix, it's very easy to configure, since my install of 7.3 i have yet to have a problem nor have any huge bugs with it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts