A critical security problem was recently discovered in sendmail
(www.sendmail.org), and a new version, 8.12.8, containing a fix is now available.
Although H-Sphere doesn't include a sendmail package by default, boxes
that don't run the H-Sphere mail system based on qmail/vpopmail may
contain a custom sendmail package. We recommend checking your web servers,
CP server and database servers as follows:
Linux:
---------------------------------------------
[root@server root]# rpm -qa|grep sendmail
sendmail-cf-8.11.6-15
sendmail-8.11.6-15
sendmail-devel-8.11.6-15
---------------------------------------------
FreeBSD:
---------------------------------------------
[root@server root]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 monster.psoft ESMTP Sendmail
+0200
^]
telnet> Connection closed.
---------------------------------------------
If you have a sendmail package installed and the sendmail SMTP daemon running, you should
update or patch the package. The instructions are available on the sendmail site at
www.sendmail.org.
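
The Linux check above can be scripted. The following is an added example, not part of the original advisory or of H-Sphere: it reads package names in the rpm -qa format shown above and prints those whose version is lower than 8.12.8. The function names and the last sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag sendmail packages older than the fixed release.
FIXED="8.12.8"   # fixed version named in the advisory

# version_lt A B: succeeds when dotted version A is strictly lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                       # leading component of each
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac   # drop it from A
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac   # drop it from B
        x=${x%%[!0-9]*}; x=${x:-0}                   # keep digits, default 0
        y=${y%%[!0-9]*}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # versions are equal
}

# flag_old_sendmail: reads "name-version-release" lines on stdin and prints
# every sendmail package whose version is lower than $FIXED.
flag_old_sendmail() {
    while IFS= read -r pkg; do
        case $pkg in sendmail*) ;; *) continue ;; esac
        nv=${pkg%-*}      # strip the trailing release field ("-15")
        ver=${nv##*-}     # what follows the last dash is the version
        if version_lt "$ver" "$FIXED"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Sample input: the three lines of rpm output shown in the advisory, plus one
# constructed line standing in for an already updated package.
SAMPLE='sendmail-cf-8.11.6-15
sendmail-8.11.6-15
sendmail-devel-8.11.6-15
sendmail-8.12.8-1'

printf '%s\n' "$SAMPLE" | flag_old_sendmail
```

On a server, pipe the real package list into the function: rpm -qa | flag_old_sendmail. A distribution package can carry a backported fix under an older upstream version number, so confirm a flagged package against the vendor's own notice before concluding it is unpatched.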