Bugtraq mailing list archives

Mail relay vulnerability even in RedHat 6.0 (Japanese and English)


From: sakai () LAC CO JP (SAKAI Yoriyuki)
Date: Thu, 19 Aug 1999 09:56:17 +0900


Hi folks,

In message <372E9068C013D211891F00805F9FD1C201895FDA () mail3 oulan ou edu>
   "Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2"
   ""Callison, James P" <callison () OU EDU>" wrote:

The sendmail.cf that comes with RedHat 5.x (sendmail 8.8.7) doesn't work
against the open relay problem, although it does contain most of the rules
needed to do so.

        I remembered that sendmail 8.9.3 is included in RedHat 6.0
(Japanese and English) and checked whether the vulnerability is fixed or
not. It seems the rules in sendmail.cf can still allow source routing
and do not reject it, even though the sendmail.cf is designed for
sendmail 8.9.3.

        I find it hard to understand why it contains and allows, by
default, a feature which is based on UUCP. I strongly recommend that
administrators of sendmail 8.9.3 (regardless of whether they use Linux
or other UNIXes) re-check their own sendmail.cf rules after
installation.

--
  SAKAI Yoriyuki           /----------------------------------->>
  sakai () lac co jp         / LAC Co., Ltd.
<<-----------------------/  http://www.lac.co.jp/security/
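
One way to act on the recommendation to re-check relay handling, as an added example that is not part of the original post: a Python classifier that flags source-routed recipient addresses (from an SMTP test transcript or mail log) so an administrator can confirm each one is rejected. The three address syntaxes checked, the function names and the example.* hosts are assumptions; the post itself names only source routing and UUCP.

```python
import re

# Constructed sample: RCPT TO arguments as they might appear in a test
# transcript. The example.* hosts are placeholders, not taken from the post.
SAMPLE_RCPTS = [
    "<alice@mail.example.com>",
    "<victim.example.net!bob@mail.example.com>",
    "<bob%victim.example.net@mail.example.com>",
    "<@mail.example.com:bob@victim.example.net>",
    "<victim.example.net!bob>",
    "<carol@other.example.org>",
]

# RFC 822 explicit route: "@hop1,@hop2:user@final"
ROUTE_ADDR = re.compile(r"^(@[^,:]+(?:,@[^,:]+)*):(.+)$")


def classify_rcpt(rcpt, local_domains):
    """Return (verdict, reason); verdict is 'local', 'remote' or 'source-routed'."""
    addr = rcpt.strip().lstrip("<").rstrip(">").lower()
    m = ROUTE_ADDR.match(addr)
    if m:
        return "source-routed", "RFC 822 route prefix " + m.group(1)
    local_part, at, domain = addr.rpartition("@")
    if not at:  # no "@" at all: the whole string is the local part
        local_part, domain = addr, ""
    if "!" in local_part:
        return "source-routed", "UUCP bang path in local part"
    if "%" in local_part:  # assumed syntax, not named in the post
        return "source-routed", "percent-routed local part"
    if domain == "" or domain in local_domains:
        return "local", "plain address for a local domain"
    return "remote", "plain address for a non-local domain"


def audit(rcpts, local_domains):
    """Return (recipient, reason) pairs the relay rules must not forward."""
    findings = []
    for r in rcpts:
        verdict, reason = classify_rcpt(r, local_domains)
        if verdict == "source-routed":
            findings.append((r, reason))
    return findings


if __name__ == "__main__":
    for rcpt, reason in audit(SAMPLE_RCPTS, {"mail.example.com"}):
        print(f"{rcpt}: {reason}")
```

Each flagged address is one to submit from an untrusted client address against a test instance; the server's reply shows whether the installed sendmail.cf rejects it.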


