Jim,

No, this is not an old alert.  If you're running sendmail, you should
upgrade.  I don't know if there are Linux/390 packages available yet or not,
since I'm not running sendmail.

Mark Post

-----Original Message-----
From: James Melin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 9:17 AM
To: [EMAIL PROTECTED]
Subject: Send mail alert - is this old? Are there L/390 patches out yet?


"Harrod, William" <[EMAIL PROTECTED]e.com>
03/03/2003 02:17 PM

To:       "Harrod, William" <[EMAIL PROTECTED]>
cc:
Subject:  TruSecure ALERT- TSA 03-002 - Sendmail Buffer Overflow -- ALERT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TruSecure ALERT- TSA 03-002 - Sendmail Buffer Overflow -- ALERT

Initial Assessment:  Important
Date: February 14, 2003
Time:  2000 UTC
Current Assessment: RED HOT
Date:  March 3, 2003
Time:  1700 UTC

On February 14th a TruSecure Radar posting indicated that we were
aware of a potential vulnerability in Sendmail.  Today, a coordinated
announcement was made regarding a Sendmail header buffer overflow
vulnerability.  It is expected that code exploiting this
vulnerability is already in circulation and attacks will be likely in
the near future.

Most installations of Unix include Sendmail by default and are
therefore probably vulnerable.

This may impact an organization's infrastructure because many
firewalls and content filtering products contain Sendmail.

It is recommended that customers who are using a firewall that
proxies mail, using Sendmail, implement packet filtering rules to
redirect mail through patched or non-Sendmail systems while
propagating fixes from their vendors.


RISK INDICES:

Current Assessment: RED HOT

Threat: High - The vulnerability allows administrative access on an
exploited host.  The exploit takes advantage of a fixed-sized buffer
used to process certain mail header fields, (To:, From:, CC:, Resent
From: and related comment fields.)

Vulnerability Prevalence: High - Sendmail is installed by default on
most Unix systems and this exploit may impact critical infrastructure
devices as well as numerous devices without mail functionality, but
with Sendmail installed.

TruSecure is aware that known malicious coders currently have exploit
code to work from.  We expect simple exploits in the near term, and
more complex exploits including mail-based worms shortly thereafter.

Cost: High - This exploit may provide administrative access on
vulnerable systems, including infrastructure devices.

MITIGATIONS:

1. Re-routing mail from Sendmail devices to already patched servers
   or non-Sendmail systems while propagating patches.

2. Substitute other Message Transfer Agents for Sendmail in your
   organization (Postfix, Qmail, Exim, Exchange...)

3. Patch vulnerable systems as quickly as possible.  The following
   vendors have announced patch availability: Mandrake, SuSE, IBM,
   FreeBSD, OpenBSD, SGI, Red Hat.

NOTES:
1. People using TruSecure Shadow Mail should be safe from this attack
   downstream.

2. There are reports that Sendmail servers downstream from Patched
   Sendmail systems may be protected from potential attacks.
