Re: Anti-spam system
On Wed, 18 Oct 2000 15:46:47 PDT, "John L. Fjellstad" writes:
>On Wed, Oct 18, 2000 at 11:25:40PM +0200, Robert Waldner wrote:
>
>> or down-/upgrade to 8.9.3, my current potato 8.9.3-21 isn't vulnerable
>> to this (or to any other from http://www.abuse.net/relay.html) relay
>> attack.
>
>I would probably not use the 8.9 or earlier series of Sendmail. There
>was a bug in Sendmail versions earlier than 8.10 that made it
>possible for remote users to destroy your mailbox. Check
>bugtraq for more information (do a search for sendmail, it was around
>April this year).

I think you're referring to the "unsafe fgets() problem", as in
http://forum.securityportal.com/list-archive/bugtraq/2000/Apr/0181.html

>Of course, knowing Debian, the fix has probably been backported.

it is, from /usr/doc/sendmail/changelog.Debian.gz:
---
sendmail (8.9.3-22) frozen; urgency=high
* Fix unsafe fgets in mail.local, based on the upstream patch for 8.10.1
---
which of course means that you should upgrade to at least 8.9.3-22 or
-23[0], the latter is already in stable.
cheers,
&rw
0: one may run into the same confusion as I did:
220 cruncher.Austria.EU.net ESMTP Sendmail 8.9.3/8.9.3/Debian 8.9.3-21; Thu, 19 Oct 2000 07:32:27 +0200
although it's really
[waldner:/usr/doc/sendmail] dpkg -l | grep sendm
ii sendmail 8.9.3-23 A powerful mail transport agent.
--
/ Robert Waldner <Waldner@KPNQwest.at> | Phone: +43 1 89933 0 Fax x533 \
\ KPNQwest/AT tech staff | Diefenbachg. 35 A-1150 Wien /
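
Added example, not part of the original message: a check that reads the Debian revision from the SMTP greeting and from the dpkg -l line quoted in the footnote, and compares each against 8.9.3-22, the revision the changelog names as carrying the fgets fix. The function names are hypothetical, and the version comparison assumes plain numeric versions of the form shown in this thread, not full dpkg ordering.

```python
import re

FIXED = "8.9.3-22"  # revision the quoted changelog gives for the mail.local fix

# Inputs copied from the footnote of the message above.
BANNER = ("220 cruncher.Austria.EU.net ESMTP Sendmail 8.9.3/8.9.3/Debian "
          "8.9.3-21; Thu, 19 Oct 2000 07:32:27 +0200")
DPKG_L = "ii sendmail 8.9.3-23 A powerful mail transport agent."


def vkey(version):
    """Sort key for simple numeric versions such as 8.9.3-22 (assumption:
    dotted integers plus an integer Debian revision, no epoch or letters)."""
    upstream, _, revision = version.partition("-")
    return ([int(n) for n in upstream.split(".")], int(revision or 0))


def banner_version(banner):
    """Debian package version advertised in a Sendmail 220 greeting, or None."""
    m = re.search(r"Sendmail\s+\S*/Debian\s+([0-9][0-9.]*-[0-9]+)", banner)
    return m.group(1) if m else None


def installed_version(dpkg_l_output, package="sendmail"):
    """Version of an installed ('ii') package from `dpkg -l` output, or None."""
    for line in dpkg_l_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "ii" and fields[1] == package:
            return fields[2]
    return None


def assess(banner, dpkg_l_output):
    """Compare what the greeting claims with what the package database says."""
    adv = banner_version(banner)
    inst = installed_version(dpkg_l_output)
    return {
        "advertised": adv,
        "installed": inst,
        "mismatch": adv is not None and inst is not None and adv != inst,
        "banner_suggests_fixed": adv is not None and vkey(adv) >= vkey(FIXED),
        "installed_fixed": inst is not None and vkey(inst) >= vkey(FIXED),
    }


if __name__ == "__main__":
    for name, value in assess(BANNER, DPKG_L).items():
        print(f"{name}: {value}")
```

With the values from the footnote, the greeting alone would mark the host as unpatched while the package database shows a fixed revision, so an audit should rely on the package version and treat the greeting only as a hint.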