About
Community
Bad Ideas
Drugs
Ego
Erotica
Fringe
Society
Technology
Hack
Hacker Zines
CERT
CHAL
CHAOS
CIAC
CPD
CPSR
CRH
CWD
CuD
CuD/A
EFF
LOL
MOD
Miscellaneous Phreak and Hacker Zines
NIA
RISKS
UXU
register | bbs | search | rss | faq | about
meet up | add to del.icio.us | digg it

CERT Advisory #12

NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
CERT Advisory
29 January 1990
Sun Sendmail Vulnerability

The Computer Emergency Response Team Coordination Center (CERT/CC) has
learned of, and has verified, break-ins on several Internet systems
in which the intruders have exploited a vulnerability in the Sun
sendmail program. This vulnerability exists in all versions of
SunOS up to and including the current version, 4.0.3 on Sun 3, Sun 4,
and Sun 386i systems (note that 4.0.2 is the most current version of
SunOS on the 386i machines). That is, all current Sun systems.

The vulnerability has previously been reported to Sun and a solution
to this problem (Sun bug # 1028173) is available via a new version of
sendmail supplied by Sun. The new sendmail is available directly from
the Sun Answer Center (1-800-USA-4SUN). Sun 3 and Sun 4 sendmail
binaries are also available via anonymous FTP from uunet.uu.net in the
/sun-fixes directory.

This incident underscores the need for system administrators to
maintain an awareness of the steps their vendors are taking to
improve the security aspects of their products, and to seriously
consider upgrading system configurations when solutions to security
problems are made available.

Administrators of Sun systems are urged to contact Sun for the new
version of the sendmail program. Administrators of machines other
than Suns are urged to contact their vendors to verify that they are
running the latest version of sendmail, since there may have been
security related fixes to it in the past year.

If you need further information on this problem, contact your Sun
representative or CERT/CC. CERT/CC can be contacted by telephone at
(412) 268-7090 (24 hours) or email to [email protected] (monitored
daily).

Our thanks to Matt Bishop and Wayne Cripps for their efforts in
analyzing and investigating this problem and its solution.

Kenneth R. van Wyk
Technical Coordinator, Computer Emergency Response Team
Software Engineering Institute
Carnegie Mellon University
[email protected]
(412) 268-7090 (24 hour hotline)
 
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.
 

totse.com certificate signatures
 
 
About | Advertise | Bad Ideas | Community | Contact Us | Copyright Policy | Drugs | Ego | Erotica
FAQ | Fringe | Link to totse.com | Search | Society | Submissions | Technology
Hot Topics
Reading childrens books weird?
What are you currently reading?
How often do you read?
Would you let your novel become a movie?
Penguin and Barnes and Noble, fleecing customer?
Chuck Palahniuk
What does reading mean for you?
Book Recommendation
 
Sponsored Links
 
Ads presented by the
AdBrite Ad Network

 

 

TSHIRT HELL T-SHIRTS