I have updated my sendmail to rh version 8.11.6-27-72 which is their latest release. This was supposed to correct some security issues with my previous version 8.11.6-3. The rpm -F updated the package and created new access, sendmail.mc and .cf files. I restarted the daemon but my portscan shows the same problems that should have been addressed by patches for rh advisory RHSA-2003:073-06. Is there something else I should have done or do I need to download the latest source?
I restarted the daemon but my portscan shows the same problems that should have been addressed by patches for rh advisory RHSA-2003:073-06.
RHSA-2003:073-06 addresses one message-based buffer overflow vulnerability and one smrsh parsing vulnerability. A portscan is not the way to test for this.
I restarted the daemon but my portscan shows the same problems that should have been addressed by patches
What do you mean your portscan?
If you don't need sendmail to be running (ie, you don't need your system to be accepting connections for a domain to pass on to local users), stop it from running altogether:
chkconfig --level 2345 sendmail off
Then you won't have to worry about keeping sendmail up to date.
I need to keep this service running as it is my mail server. Let me clarify on my reference to port scan. I use a company called Qualys which compiles vulnerabilities and when I run the scan it detects any based on the services I am running. In theory if I installed every patch available I would address the problems the scan detects, but the advantage for me with this service is that it identifies the vulnerability and even recommends the solution or workaround, which saves me a lot of time. Well, the rh patch is supposed to fix this problem but it did not, unless I did something wrong.
I will paste the relevant section of my scan report.
QID:74135 Category:Mail services CVE ID:CAN-2002-1337
First Detected:11/15/2003 at 20:28:47 Last Detected:11/15/2003 at 20:28:47 Times Detected:1
Sendmail is a widely used MTA for Unix and Microsoft Windows systems.
A remotely exploitable vulnerability has been discovered in Sendmail. The vulnerability is due to a buffer overflow condition in the SMTP header parsing component. Remote attackers may exploit this vulnerability by connecting to target SMTP servers and transmitting malformed SMTP data to them.
The overflow condition occurs when Sendmail processes incoming e-mail messages with multiple addresses in a field such as "From:" or "CC:". One of the checks to ensure that the addresses are valid is flawed, resulting in a buffer overflow condition.
Sendmail Versions 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to Version 8.12.8 or apply available patches to prior versions of the 8.x tree.
This vulnerability may be exploited to gain root privileges on affected servers remotely.
RedHat released a security advisory (RHSA-2003:073-06) containing fixes. Upgrade as soon as possible.
SGI released a security advisory (20030301-01-P) containing fixes. Users of IRIX 6.5.15 and later are urged to apply the appropriate patches. Users of IRIX 6.5.14 and earlier should upgrade their installations to IRIX 6.5.20.
Sendmail in OpenBSD-current has been upgraded to Version 8.12.8. Patches have also been released for OpenBSD Versions 3.2 and 3.1. Apply patches or upgrade.
...then check the sendmail.cf or nc/telnet to your SMTP port and check out the version number it identifies itself with. If it doesn't, type "help".
If it is the latest, patched version, then check out your sendmail.mc for "confSMTP_LOGIN_MSG" or sendmail.cf for a line starting with "O SmtpGreetingMessage". If it sez "De$j Sendmail $v/$Z ready at $b", then you could replace it with a generic "$j Mailer; $b", restart Sendmail and do another Qualys scan. If it doesn't find your MTA vulnerable, OK, if it does then I hope you did a free scan.
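An added example, not from any poster in this thread and not Qualys's actual logic: a banner-only version check of the kind the last reply implies, run over constructed SMTP greetings. It assumes the check decides solely from the version in the greeting and uses the affected range quoted in the scan report; `mail.example.com` and all function names are made up for illustration.

```python
import re

# Affected range as quoted in the scan report above: Sendmail 5.2 to 8.12.7.
AFFECTED_MIN = "5.2"
AFFECTED_MAX = "8.12.7"

# Stock greeting shape "$j Sendmail $v/$Z ...": host, "Sendmail", binary version.
BANNER_RE = re.compile(
    r"^220[ -]\S+\s+(?:ESMTP\s+)?Sendmail\s+(\d+(?:\.\d+)+)", re.IGNORECASE
)


def version_key(text):
    """Turn '8.11.6' into (8, 11, 6, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def in_affected_range(version):
    return version_key(AFFECTED_MIN) <= version_key(version) <= version_key(AFFECTED_MAX)


def assess_banner(banner):
    """Return (advertised_version, flagged) as a banner-only check would see it."""
    match = BANNER_RE.match(banner.strip())
    if match is None:
        return (None, False)  # no version advertised: nothing to compare
    version = match.group(1)
    return (version, in_affected_range(version))


def upstream_of(package_version):
    """Drop the packaging release: '8.11.6-3' -> '8.11.6' (what $v reports)."""
    return package_version.split("-", 1)[0]


# Constructed sample greetings (not captured from a real server).
STOCK = "220 mail.example.com ESMTP Sendmail 8.11.6/8.11.6; Sat, 15 Nov 2003 20:28:47 -0500"
GENERIC = "220 mail.example.com ESMTP Mailer; Sat, 15 Nov 2003 20:28:47 -0500"
UPSTREAM_FIXED = "220 mail.example.com ESMTP Sendmail 8.12.8/8.12.8; Sat, 15 Nov 2003 20:28:47 -0500"

if __name__ == "__main__":
    for name, banner in [("stock", STOCK), ("generic", GENERIC), ("8.12.8", UPSTREAM_FIXED)]:
        print(name, assess_banner(banner))
    # Both package versions from the first post advertise the same upstream version.
    print(upstream_of("8.11.6-3"), upstream_of("8.11.6-27-72"))
```

Both package versions named in the first post reduce to 8.11.6, so the greeting alone cannot show whether the errata fix is installed; the package changelog (`rpm -q --changelog sendmail`) is the place to look for that.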