From: Holger.VanKoll@SWISSCOM.COM
Date: Mon Mar 10 2003 - 12:57:12 EST
every sendmail 8.x older than approx. 2 weeks is vulnerable
the vulnerability goes down to version 5.x (sendmail, not aix ;-)
probably you are also vulnerable if sendmail is not running in
daemonmode!
-----Original Message-----
From: Tim Muller [mailto:aix_sa_706@YAHOO.COM]
Sent: Monday, March 10, 2003 6:35 PM
To: aix-l@Princeton.EDU
Subject: More on sendmail
This is from the CERT website:
<IBM Corporation
The AIX operating system is vulnerable to the sendmail
issues discussed in releases 4.3.3, 5.1.0 and 5.2.0. >
Does this mean that versions of AIX prior to 4.3.3 are
not affected? I'm running AIX 4.3.2 and sendmail
8.8.8 on two servers.
The CERT annoucement goes on to say:
<A temporary patch is available through an efix
package which can be found at
ftp://ftp.software.ibm.com/aix/efixes/security/sendmail_efix.tar.Z
IBM will provide the following official fixes:
APAR number for AIX 4.3.3: IY40500 (available approx.
03/12/2003)
APAR number for AIX 5.1.0: IY40501 (available approx.
04/28/2003)
APAR number for AIX 5.2.0: IY40502 (available approx. 04/28/2003)>
TIA.
=====
Tim Mueller
Hamilton Co. Dept. of Job & Family Services
Cincinnati, OH USA
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:38 EDT