Re: udp packet storms - ping death

[bkelley () hpnmcldg cup hp com (Bob Kelley)]

> > To test this, remove your aliases.pag and aliases.dir and run
> > 'newaliases'. If the files reappear as 666, your sendmail is vulnerable.
> > The default Sun 4.1.3_U1 sendmail is vulnerable and at the time I sent it
> > in, Unicos sendmail was also vulnerable, as well as others, I'm sure.
> >
> > BTW: I sent this to CERT and CIAC over a year ago, and it doesn't appear
> > to be fixed yet (at least not by Sun).
>
> Vendors aim to fix bugs within 15 years of them being reported.  Just
> hang on in there and they'll get around to yours...

Hi,

It isn't a problem in HP-UX 8.x or 9.x which are the versions that
are supported (or the versions I at least claim to support.)  I'm
not claiming that we've addressed all network problems, but I am 
trying...in the past year, our HP sendmail has had about 6 patches 
covering maybe 60 issues so at this point I think we've addressed
most of the  pending sendmail security issues (I'm sure there are plenty
more that I haven't heard of, sendmail being what it is.)

flame away...

Bob Kelley
HP-UX Networking 
bkelley () cup hp com