From: Craig Lant (craig_at_ack.berkeley.edu)
Date: Thu Apr 03 2003 - 13:49:16 PST

Another new vulnerability has been discovered in sendmail that can be
exploited to cause a denial-of-service (DoS) condition, as well as
possibly to allow a remote attacker to gain privileged access on the
computer running sendmail.

This vulnerability is different from one announced on 03Mar2003, though
with the possibility of similar risks. There currently appear to be no
exploits 'in the wild', especially with respect to the gaining of
privileged access.

When the first vulnerability appeared there was a strong sense in the
security community that such a vulnerability could create havoc,
particularly since it was believed that an active exploit had been
created. For this reason SNS attempted to directly contact the
administrators of all campus systems running sendmail. We are not
convinced this is necessary for this vulnerability. So we are only
sending this notification to lists of computer professionals with the
advice that anyone running sendmail should apply the appropriate patches
for their systems. And, of course, anyone who does not really need to
be running it should disable it.

See the CERT announcement CA-2003-12 for further information. It is
available at the following URL:

http://www.cert.org/advisories/CA-2003-12.html

Thanks,
Craig

Craig Lant
------- Campus Information Systems Security Officer -------
----- University of California, Berkeley -----
510-643-0596 craig_at_ack.Berkeley.edu
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.