[ale] Fwd: [SECURITY] [DSA 554-1] New sendmail packages fix potential open relay
Jim Popovitch
jimpop at yahoo.com
Mon Sep 27 20:05:39 EDT 2004
Does anyone know how extensive of a problem this is? Specifically, is
it Debian specific, or has Debian just beat everyone to the punch on
announcing it?
Thx,
-Jim P.
-----Forwarded Message-----
- --------------------------------------------------------------------------
Debian Security Advisory DSA 554-1 security at debian.org
http://www.debian.org/security/ Martin Schulze
September 27th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : sendmail
Vulnerability : pre-set password
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2004-0833
Hugo Espuny discovered a problem in sendmail, a commonly used program
to deliver electronic mail. When installing "sasl-bin" to use sasl in
connection with sendmail, the sendmail configuration script use fixed
user/pass information to initialise the sasl database. Any spammer
with Debian systems knowledge could utilise such a sendmail
installation to relay spam.
For the stable distribution (woody) this problem has been fixed in
version 8.12.3-7.1.
For the unstable distribution (sid) this problem has been fixed in
version 8.13.1-13.
We recommend that you upgrade your sendmail package.
More information about the Ale
mailing list