Re: Sendmail hole

From: McHugh, Jerome (jmchugh@TOWER.COM)
Date: Tue Mar 11 2003 - 15:58:48 EST


What we did in our organization. Maybe this will help others.

As IBM states,

------------------------------------------------------------------------------
IBM Corporation

   The AIX operating system is vulnerable to the sendmail issues
   discussed in releases 4.3.3, 5.1.0 and 5.2.0.

   A temporary patch is available through an efix package which can be
   found at
   ftp://ftp.software.ibm.com/aix/efixes/security/sendmail_efix.tar.Z

   IBM will provide the following official fixes:

          APAR number for AIX 4.3.3: IY40500 (available approx. 03/12/2003)
          APAR number for AIX 5.1.0: IY40501 (available approx. 04/28/2003)
          APAR number for AIX 5.2.0: IY40502 (available approx. 04/28/2003)

------------------------------------------------------------------------------

Our organization has many down-level AIX boxes 4.1.5 & 4.2.1 all running
sendmail. After reviewing the sendmail vulnerability we took the
approach of placing a single Linux server running a patched version of
sendmail at our "mail border" that all inbound emails must pass through
(similar in function to our inbound virus gateway).

As stated in:
---------------------------cut---------------------------------------------------
CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail

   Original release date: March 3, 2003
   Last revised: --
   Source: CERT/CC

   A patched sendmail server will drop invalid headers, thus preventing
   downstream servers from receiving them.

---------------------------cut---------------------------------------------------

This provides us with a significant level of protection, allowing us to
upgrade all the sendmail clients on a reasonable schedule.

Jerome McHugh
Senior Systems Administrator, Lead

-----Original Message-----
From: Bill Verzal [mailto:Bill_Verzal@BCBSIL.COM]
Sent: Tuesday, March 11, 2003 11:49 AM
To: aix-l@Princeton.EDU
Subject: Sendmail hole

(I don't feel like spelling vulnerability)

Management here has just asked us to shut off sendmail because of the
most recent hole. Anyone got any obvious reasons why we should/should
not do this?

BV
------------------------------------------------------------------------------

Bill Verzal
Technical Consultant
Forbes Technical Consulting
(312) 653-3684
bill_verzal@bcbsil.com
billverzal@imcingular.com (Pager)
888-428-4025 (Pager)
MailStop: 27.202B

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:38 EDT