Hi Uli and Martin --- <... last nite I downloaded the patch for "sendmail" However, i have my copy of "sendmail" turned off, put I was planning to turn it on soon, when I saw Martin's post and wondered how many have switched to Wietse Venema's "postmix, which SuSE has a version for my 8.0 box, and probably for 8.1 too--- i tried to load "postfix" but it conflicts w/send mail -- so .....what to do??? comments, anyone. TIA
"Ulrich Roth"
Hi Martin,
SuSE Security Announcement
Package: sendmail, sendmail-tls Announcement-ID: SuSE-SA:2003:013
Does the bugfix "repair" affected messages, so that servers behind a patched sendmail are protected? Or are the "bad" headers passed on to the next MTA unmodified?
Yes, the bad headers are passed on.
Quote from the announcement:
The vulnerability is triggered by an email message sent through the sendmail MTA subsystem. In that respect, it is different from commonly known bugs that occur in the context of an open TCP connection. By consequence, the vulnerability also exists if email messages get forwarded over a relay that itself does not run a vulnerable MTA. This specific detail and the wide distribution of sendmail in the internet causes this vulnerability to be considered an error of major severity.
Bye Uli -- Ulrich Roth IMPACT Business & Technology Consulting GmbH Im Mediapark 8 / KölnTurm D-50670 Koeln Phone +49-221-93 70 80-29 Fax +49-221-93 70 80-15 E-Mail: roth@impact.de
--
__________________________________________________________________ The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/