http://www.msnbc.com/news/880094.asp?0cv=CB10I'm&cp1=1
Has anyone had a chance to read that article?
How does it affect cpanel users?
I was just coming to ask the same thing. A fairly big exploit by the sounds of it.
It's going into our servers now.
This is from the RH Advisory System
Red Hat Network has determined that the following advisory is applicable to one or more of the systems you have registered:
Security Advisory - RHSA-2003:073-06
------------------------------------------------------------------------------
Summary:
Updated sendmail packages fix critical security issues
Regards,
David
Forum Moderator
So what is the vote, manual upgrade?
Hmm, would be nice to see it packaged in a cPanel update.
Will there be an update on this, then?
Cretu
cPanel uses Exim -- /usr/lib/sendmail and /usr/sbin/sendmail are actually symlinked to Exim.
Originally posted by s3kk3y
http://www.msnbc.com/news/880094.asp?0cv=CB10I'm&cp1=1
Has anyone had a chance to read that article?
How does it affect cpanel users?
So, should I patch the sendmail with rpm from Red Hat or not?
Sorry for my ignorance but I really seek clear answers.
Cretu
"Since this is a message-based vulnerability, MTAs other than Sendmail may pass on the carefully crafted message. This means that unpatched versions of Sendmail inside a network could still be at risk even if they do not accept external connections directly."
From RedHat Network
I think I am seeing this now in my logs. I have 2 IPs hitting my mail server. Each one hits at different times. About 200 hits and then it stops for 5 minutes. The IPs are RIPE IPs.
I don't think we can be infected or compromised but it is causing my mail server to bog down already.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
So since Exim is in use this exploit does not apply - correct?
Show me a snippet of those server hits. I want to see what you're referring to.
Originally posted by rpmws
I think I am seeing this now in my logs. I have 2 IPs hitting my mail server. Each one hits at different times. About 200 hits and then it stops for 5 minutes. The IPs are RIPE IPs.
I don't think we can be infected or compromised but it is causing my mail server to bog down already.
It's calmed down now, but just today and yesterday there were over 100K of these below and 80K from the other IP. No other large mail issues. 30 in queue. No spam going out. I don't know, maybe I am wrong, but I have never seen this before.
2003-03-03 14:53:41 18pw0K-000487-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:53:50 18pw0S-00048z-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:53:55 18pw0Y-00049t-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:54:02 18pw0f-0004A3-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:54:07 18pw0k-0004AQ-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:54:14 18pw0r-0004B3-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:54:20 18pw0x-0004BA-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
Last edited by rpmws; 03-04-2003 at 02:07 AM.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
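An added example, not part of the thread and not cPanel's or Exim's own code: a Python script that tallies Exim reject lines like the ones quoted above per source IP, with hit rate and distinct envelope senders, so the noisy hosts can be identified before firewalling them. The function names and thresholds are assumptions for illustration, and the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Exim reject line: "<date> <time> <msg-id> rejected from <host> (<helo>) [<ip>]: <reason>"
REJECT = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ rejected from .*?\[([0-9A-Fa-f.:]+)\]: ")
SENDER = re.compile(r"envelope sender is <([^>]*)>")

# The first seven lines are the ones quoted in the post; the last one is constructed
# (documentation address 192.0.2.25) to show a source that stays below the thresholds.
SAMPLE = """\
2003-03-03 14:53:41 18pw0K-000487-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:53:50 18pw0S-00048z-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:53:55 18pw0Y-00049t-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:54:02 18pw0f-0004A3-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:54:07 18pw0k-0004AQ-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:54:14 18pw0r-0004B3-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:54:20 18pw0x-0004BA-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
2003-03-03 14:55:02 18pw1A-0004C1-00 rejected from mail.example.net (mail) [192.0.2.25]: can't currently verify any sender in the header lines (envelope sender is <user@example.org>) - try later
""".splitlines()

def summarize(lines):
    """Group reject lines by source IP: hit count, time span, distinct envelope senders."""
    stats = defaultdict(lambda: {"hits": 0, "first": None, "last": None, "senders": set()})
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue  # not a reject line in the expected format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        s = stats[m.group(2)]
        s["hits"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        sender = SENDER.search(line)
        if sender:
            s["senders"].add(sender.group(1))
    return dict(stats)

def noisy_sources(stats, min_hits=5, min_per_minute=5.0):
    """Return {ip: rejects per minute} for sources above both (assumed) thresholds."""
    out = {}
    for ip, s in stats.items():
        span = max((s["last"] - s["first"]).total_seconds(), 1.0)
        rate = s["hits"] * 60.0 / span
        if s["hits"] >= min_hits and rate >= min_per_minute:
            out[ip] = round(rate, 1)
    return out

if __name__ == "__main__":
    for ip, rate in noisy_sources(summarize(SAMPLE)).items():
        print(f"{ip}: {rate} rejects/minute")
```

A single envelope sender repeated across every hit from one IP, as in the quoted lines, points to one message being retried after each temporary rejection rather than many different messages.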
I don't know if you can call those the exploit hits, but I can tell you that if I were you I would just plop those UK IPs into my firewall for good.
Already did.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase