[nSLUG] Re: Mailing List Security
ian at damnit.org
Tue Mar 4 09:42:25 AST 2003
>You could try "telnet localhost 25" and see what the banner says.
>On March 4, 2003 01:19 am, Mike Spencer wrote:
> > > http://www.cert.org/advisories/CA-2003-07.html
> > Um, how do I tell which version of sendmail I'm running?
> > I'm working on a slackware 8.something install on what will then
> > become my main HD but for now still running a distro that came without
> > source. "strings /usr/sbin/sendmail" shows too many assorted version
> > numbers for the various components to sort it out. No --version
> > switch.
I'd take a wild guess and say you're (in theory) probably
vulnerable, since the fixed version (8.12.8) was only released... yesterday
or the day before, I think.
> > (Not critical: I only use it to send to a smarthost. Incoming is
> > refused.)
You might not be vulnerable after all, since the overflow is
caused in the code that parses the RCPT TO: bit of the message.
More information about the nSLUG