|
Bugtraq
mailing list archives
Re: udp packet storms - ping death
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Thu, 3 Nov 1994 14:18:19 +0000 (GMT)
[ various info about newaliases .. ]
To test this, remove your aliases.pag and aliases.dir and run
'newaliases'. If the files reappear as 666, your sendmail is vulnerable.
The default Sun 4.1.3_U1 sendmail is vulnerable and at the time I sent it
in, Unicos sendmail was also vulnerable, as well as others, I'm sure.
BTW: I sent this to CERT and CIAC over a year ago, and it doesn't appear
to be fixed yet (at least not by Sun).
Vendors aim to fix bugs within 15 years of them being reported. Just
hang on in there and they'll get around to yours...
In 15 years you can get in touch and ask for the status. If its been lost
though (for example, if you reported it to CERT who didnt report it any further
[even though they claimed to, 15 years earlier]), the clock is reset and your
15 years starts again... :-)
Seriously though, I bet this isnt anywhere near the top of their list, seeing
as it stems from a configuration problem.
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl () bagpuss demon co uk
|
 By Date 
By Thread
Current thread:
|
Intro
