Bugtraq mailing list archives
Mail relay vulnerability even in RedHat 6.0 (Japanese and English)
From: sakai () LAC CO JP (SAKAI Yoriyuki)
Date: Thu, 19 Aug 1999 09:56:17 +0900
Hi folks, In message <372E9068C013D211891F00805F9FD1C201895FDA () mail3 oulan ou edu> "Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2" ""Callison, James P" <callison () OU EDU>" wrote:
The sendmail.cf that comes with RedHat 5.x (sendmail 8.8.7) doesn't work against the open relay problem, although it does contain most of the rules needed to do so.
I remember the sendmail 8.9.3 is contained in RedHat 6.0 (Japanese and English) and check whether the vulnerability is fixed or not. It seems still the rule of sendmail.cf can allow the source routing and does not reject it. Even the sendmail.cf is designed for sendmail 8.9.3. I felt it is hard to understand that it contains and allows a feature which is based on UUCP in the default value. I recommend extremely that administrators of sendmail 8.9.3 (Does not care who use Linux or other UNIXes) should re-check whose own rule of sendmail.cf after the installation. -- SAKAI Yoriyuki /----------------------------------->> sakai () lac co jp / LAC Co., Ltd. <<-----------------------/ http://www.lac.co.jp/security/
Current thread:
- Mail relay vulnerability even in RedHat 6.0 (Japanese and English) SAKAI Yoriyuki (Aug 18)