Contributed by jose on from the crypto-verify dept.
"the sendmail package version 8.12.6 contains an openssh like trojan. this issue is on the cert site at CA-2002-28 . is openbsd-current sendmail source infected with this trojan?"OpenBSD shouldn't be affected by this as only every now and then the Sendmail sources are updated. However, some admins who used home rolled Sendmail installations may be affected. Note that the modified distfile was up and available for several days (unlike the OpenSSH Trojan, which was fixed in under a day).
(Comments are closed)
By Arrigo Triulzi () on http://www.alchemistowl.org/arrigo
You are vulnerable during the installation process when a process opens up a connection on the usual 6667/tcp.
By Anonymous Coward () on
By Anonymous Coward () on
By Josh () selerius@codefusion.org on http://www.codefusion.org
By strlen () alex@strlen.net on mailto:alex@strlen.net