[Esd-l] FYI critical sendmail vulnerability

Kenneth Porter shiva at sewingwitch.com
Tue Mar 4 13:52:06 PST 2003


--On Tuesday, March 04, 2003 6:31 AM -0800 "John D. Hardin"
<jhardin at impsec.org> wrote:

> Not necessarily. The sanitizer could conceivably be running on a
> qmail or postfix gateway in front of a vulnerable sendmail, or be
> sanitizing outbound messages the same way.

Or a patched sendmail that serves a LAN that might have unpatched sendmails
running. That scenario is mentioned in the advisory as motivation for
making sure all internal servers get updated.


More information about the esd-l mailing list