Home page logo

bugtraq logo Bugtraq mailing list archives

Re: udp packet storms - ping death
From: bkelley () hpnmcldg cup hp com (Bob Kelley)
Date: Fri, 04 Nov 1994 9:47:03 PST

To test this, remove your aliases.pag and aliases.dir and run
'newaliases'. If the files reappear as 666, your sendmail is vulnerable.
The default Sun 4.1.3_U1 sendmail is vulnerable and at the time I sent it
in, Unicos sendmail was also vulnerable, as well as others, I'm sure.

BTW: I sent this to CERT and CIAC over a year ago, and it doesn't appear
to be fixed yet (at least not by Sun).

Vendors aim to fix bugs within 15 years of them being reported.  Just
hang on in there and they'll get around to yours...


It isn't a problem in HP-UX 8.x or 9.x which are the versions that
are supported (or the versions I at least claim to support.)  I'm
not claiming that we've addressed all network problems, but I am 
trying...in the past year, our HP sendmail has had about 6 patches 
covering maybe 60 issues so at this point I think we've addressed
most of the  pending sendmail security issues (I'm sure there are plenty
more that I haven't heard of, sendmail being what it is.)

flame away...

Bob Kelley
HP-UX Networking 
bkelley () cup hp com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]