Sendmail Vulnerability - Positive Software Corporation

Leftb
Spacer Sendmail Vulnerability Issues Spacer
Spacer Spacer Spacer
Spacer
Spacer Spacer Spacer
Spacer

A critical security problem was recently discovered in sendmail (www.sendmail.org) and a new version 8.12.8 containing a fix is now available.

Although H-Sphere doesn't include sendmail package by default, boxes that don't have H-Sphere mail system based on qmail/vpopmail may contain a custom sendmail package. We recommend checking your webservers, CP server and database servers as follows:

Linux:

---------------------------------------------
[root@server root]# rpm -qa|grep sendmail
sendmail-cf-8.11.6-15
sendmail-8.11.6-15
sendmail-devel-8.11.6-15
---------------------------------------------

FreeBSD:

---------------------------------------------
[root@server root]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 monster.psoft ESMTP Sendmail
+0200
^]
telnet> Connection closed.
---------------------------------------------

If you have a sendmail package installed and sendmail SMTP daemon running, you should update or patch the package. The instructions are available on the sendmail site at www.sendmail.org.

Spacer


Spacer
Home   Products   Services   News  
Spacer
© Copyright. . PSOFT. All Rights Reserved. Terms | Site Map