________________________________________________________________________

              THE COMPUTER INCIDENT ADVISORY CAPABILITY

                                CIAC

                        INFORMATION BULLETIN
________________________________________________________________________

                Vulnerability in SUN sendmail program

January 29, 1990, 0900 PST                                  Number A-16

CIAC has been advised of a new vulnerability in the SUN sendmail program. This vulnerability (SUN bug #1028173) exists in all versions of SUN OS (version 4.1, 4.0.3 on SUN 3, SUN 4, as well as SUN 386i systems, for which version 4.0.2 is the most current version). This vulnerability has been exploited in several recent Internet break-ins.

You may obtain a patch directly from SUN by calling (800) USA-4SUN, or may obtain SUN 3 and 4 sendmail binaries using anonymous FTP from uunet.uu.net in the /sun-fixes directory. CIAC can also provide you with a patch for this vulnerability.

Recent versions of UNIX systems other than SUN OS systems contain a sendmail fix. CIAC encourages you to consult with your vendor about upgrading to a recent release if the version you are running does not have this fix.

If you have questions, please contact CIAC.

    Tom Longstaff
    (415) 423-4416 or (FTS) 543-4416
    FAX: (FTS) 543-0913 or (415) 294-5054

CIAC's business hours phone number is (415) 422-8193 or (FTS) 532-8193. CIAC's 24-hour emergency hot-line number is (415) 971-9384. If you call the emergency number and there is no answer, please leave a voice mail message. Someone will return your call promptly. You may also send e-mail to:

    ciac@tiger.llnl.gov

This bulletin is based on information supplied by the Computer Emergency Response Team Coordination Center.

Neither the United States Government nor the University of California nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights.

Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government nor the University of California, and shall not be used for advertising or product endorsement purposes.