Re: Fwd: CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution

To: Annette Meriste <annette.meriste@cablecom.ch>
Cc: debian-security@lists.debian.org
Subject: Re: Fwd: CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution
From: Richard A Nelson <cowboy@debian.org>
Date: Wed, 9 Oct 2002 11:51:28 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.44.0210091132190.28336-100000@badlands.lexington.ibm.com>
In-reply-to: <[🔎] sda38a95.080@cablecom.ch>

Debian (me & the buildds) are not vulnerable :)

I always verify the MD5sums with the announcement letters, and then
store that, along with the signature file in the source deb - allowing
for verification like that below.

I also have the sendmail key on my private keyring, instead of using
the one in the tarball (it wasn't trojanned this time, but I'm ready
if they try it later).

[11:31:44 cowboy@badlands:sendmail-8.12.6 565:0]$ debian/rules verify
# Verifying the md5 summs and signed files
Checking MD5 source: ./sendmail.8.12.6.tar.md5.
Checking signature file ./sendmail.8.12.6.tar.sig.
gpg: Signature made Mon Aug 26 22:06:30 2002 EDT using RSA key ID 678C0A03
gpg: Good signature from "Sendmail Signing Key/2002 <sendmail@Sendmail.ORG>"

-- 
Rick Nelson
<DannyS> Hit the monkey to win $20(*)!
* knghtbrd gets out his mallet.
* knghtbrd plants it firmly on DannyS' head.
* knghtbrd will take his $20 now.  =3DD

Reply to:

References:
- Fwd: CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution
  - From: "Annette Meriste" <annette.meriste@cablecom.ch>

Prev by Date: Re: Having been open relay for a moment (summary)
Next by Date: Slapper worm does more than infect
Previous by thread: Fwd: CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution
Next by thread: Current Exploits
Index(es):
- Date
- Thread