[Mimedefang] FYI: Trojaned Versions of Sendmail
David Potterveld
POTTERVELD at ANLMEP.PHY.ANL.GOV
Wed Oct 9 15:49:01 EDT 2002
This may be a bit off-topic, but perhaps affects people on this list.
David Potterveld
Argonne National Laboratory
-----BEGIN PGP SIGNED MESSAGE-----
CIAC has received reports that some copies of the source code for the
Sendmail package on the ftp.sendmail.org web site have been compromised. The
files were modified by an intruder to include malicious code. The
malicious code is executed when the distribution is compiled, and forks a
process that connects to a remote server on port 6667/tcp. This forked
process allows a remote shell to be opened in the context of the user who
compiled Sendmail.
If you downloaded the following files beginning on or around 28 September
through 6 October 2002 from the FTP web site listed above, please verify
your Sendmail version is authentic:
sendmail.8.12.6.tar.Z
sendmail.8.12.6.tar.gz
To ensure authenticity you can use the following MD5 checksums:
73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz
cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z
8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig
More information concerning this can be found at the following URL:
http://www.cert.org/advisories/CA-2002-28.html
If you have any questions or concerns, please contact the CIAC hotline
at 925-422-8193.
-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
iQCVAwUBPaR5bLnzJzdsy3QZAQFffQQAyaH5rjxukMxna8k8Pk4+fl/tZixBie/q
mIEt/3cLK5eDqBV2Cpl98C6CD8QNVud4l1FfjFwtoGleZwv3Dgjl9qDxTM/P6ijW
L/noyaw4u/gHGZPaTJ75mF41RhAe/PT9y0c2JqzV+P1ab2xj7rJMstHe7osFskqb
+Bv9+apy2F4=
=A31J
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list