[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-date: Mon Sep 27 20:05:39 2004 -->
- <!--x-from-r13: wvzcbc ng lnubb.pbz (Xvz Bbcbivgpu) -->
- <!--x-message-id: 1096329642.4954.6.camel@blue -->
- <!--x-subject: [ale] Fwd: [SECURITY] [DSA 554-1] New sendmail packages fix potential open relay -->
- <li><em>date</em>: Mon Sep 27 20:05:39 2004</li>
- <li><em>from</em>: jimpop at yahoo.com (Jim Popovitch)</li>
- <li><em>subject</em>: [ale] Fwd: [SECURITY] [DSA 554-1] New sendmail packages fix potential open relay</li>
Thx,
-Jim P.
-----Forwarded Message-----
- --------------------------------------------------------------------------
Debian Security Advisory DSA 554-1 security at debian.org
<a rel="nofollow" href="http://www.debian.org/security/";>http://www.debian.org/security/</a> Martin Schulze
September 27th, 2004 <a rel="nofollow" href="http://www.debian.org/security/faq";>http://www.debian.org/security/faq</a>
- --------------------------------------------------------------------------
Package : sendmail
Vulnerability : pre-set password
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2004-0833
Hugo Espuny discovered a problem in sendmail, a commonly used program
to deliver electronic mail. When installing "sasl-bin" to use sasl in
connection with sendmail, the sendmail configuration script use fixed
user/pass information to initialise the sasl database. Any spammer
with Debian systems knowledge could utilise such a sendmail
installation to relay spam.
For the stable distribution (woody) this problem has been fixed in
version 8.12.3-7.1.
For the unstable distribution (sid) this problem has been fixed in
version 8.13.1-13.
We recommend that you upgrade your sendmail package.
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00892" href="msg00892.html">[ale] Fwd: [SECURITY] [DSA 554-1] New sendmail packages fix potential open relay</a></strong>
<ul><li><em>From:</em> kaboom at gatech.edu (Chris Ricker)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00889.html">[ale] OT: the home computer of 2004</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00891.html">[ale] Cell phones</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00894.html">[ale] OT: ballistics software</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00892.html">[ale] Fwd: [SECURITY] [DSA 554-1] New sendmail packages fix potential open relay</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00890"><strong>Date</strong></a></li>
<li><a href="threads.html#00890"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>