[Esd-l] FYI critical sendmail vulnerability
shiva at sewingwitch.com
Tue Mar 4 13:52:06 PST 2003
--On Tuesday, March 04, 2003 6:31 AM -0800 "John D. Hardin"
<jhardin at impsec.org> wrote:
> Not necessarily. The sanitizer could conceivably be running on a
> qmail or postfix gateway in front of a vulnerable sendmail, or be
> sanitizing outbound messages the same way.
Or a patched sendmail that serves a LAN that might have unpatched sendmails
running. That scenario is mentioned in the advisory as motivation for
making sure all internal servers get updated.
More information about the esd-l