mailing list archives
Re: udp packet storms - ping death
From: bkelley () hpnmcldg cup hp com (Bob Kelley)
Date: Fri, 04 Nov 1994 9:47:03 PST
To test this, remove your aliases.pag and aliases.dir and run
'newaliases'. If the files reappear as 666, your sendmail is vulnerable.
The default Sun 4.1.3_U1 sendmail is vulnerable and at the time I sent it
in, Unicos sendmail was also vulnerable, as well as others, I'm sure.
BTW: I sent this to CERT and CIAC over a year ago, and it doesn't appear
to be fixed yet (at least not by Sun).
Vendors aim to fix bugs within 15 years of them being reported. Just
hang on in there and they'll get around to yours...
It isn't a problem in HP-UX 8.x or 9.x which are the versions that
are supported (or the versions I at least claim to support.) I'm
not claiming that we've addressed all network problems, but I am
trying...in the past year, our HP sendmail has had about 6 patches
covering maybe 60 issues so at this point I think we've addressed
most of the pending sendmail security issues (I'm sure there are plenty
more that I haven't heard of, sendmail being what it is.)
bkelley () cup hp com