Sendmail Vulnerability Issues



A critical security problem was recently discovered in sendmail (www.sendmail.org) and a new version 8.12.8 containing a fix is now available.

Although H-Sphere doesn't include sendmail package by default, boxes that don't have H-Sphere mail system based on qmail/vpopmail may contain a custom sendmail package. We recommend checking your webservers, CP server and database servers as follows:

Linux:

---------------------------------------------
[root@server root]# rpm -qa|grep sendmail
sendmail-cf-8.11.6-15
sendmail-8.11.6-15
sendmail-devel-8.11.6-15
---------------------------------------------

FreeBSD:

---------------------------------------------
[root@server root]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 monster.psoft ESMTP Sendmail 8.11.6/8.11.6; Thu, 6 Mar 2003 18:31:15
+0200
^]
telnet> Connection closed.
---------------------------------------------

If you have a sendmail package installed and sendmail SMTP daemon running, you should update or patch the package. The instructions are available on the sendmail site at www.sendmail.org.



Home   Products   Services   Partners   Support   News   Contact   Forum
© 2020 psoft.net
All rights reserved.