From: Green, Simon (Simon.Green@EU.ALTRIA.COM)
Date: Thu Mar 06 2003 - 09:59:10 EST
Yes; I saw the same information and it does look like it's an unexploitable
exploit as far as AIX - and most other systems - is concerned. (I don't
know how trustworthy LSD are, but I have no reason to think ill of them.)
However, there's a lot of management concern and I'm looking for ways of
reducing the problems not just this time but for ever more, and alternative
mail servers are one approach that we'll consider.
Simon Green
Altria ITSC Europe s.a.r.l.
AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/
N.B. Unsolicited email from vendors will seldom be appreciated.
> -----Original Message-----
> From: Herman, Tim [CC] [mailto:Tim.Herman@MAIL.SPRINT.COM]
> Sent: 06 March 2003 14:44
> To: aix-l@Princeton.EDU
> Subject: Re: Alternatives to sendmail
>
>
> I have been searching all over the underground hacking
> community for how to
> execute this sendmail exploit, and the best I've found is
> something posted
> from lsd-pl.net - and that one doesn't work for AIX anyway.
> 2/3rds of my job
> is white hat hacking, and I could sure use that exploit to
> break into some
> AIX systems I've been tasked to break into here. There is
> talk from the
> people who supposedly "discovered" this latest sendmail
> exploit, that the
> exposure is being significantly over-dramatized. I need a
> working model for
> Solaris, AIX, and Red Hat, but have yet to see one.
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:38 EDT