Contributed by jose from the mail-land-security dept.
OpenBSD 3.2 shipped with sendmail 8.12.8 and thus has the bug. OpenBSD 3.3 shipped with sendmail 8.12.9 and does not have the bug.
The problem has been fixed in the OpenBSD 3.2-stable branch.
In addition, a patch is available for OpenBSD 3.2:
Please note that this only affects sendmail configurations that use the "enhdnsbl" feature. The default OpenBSD sendmail config does not use this. Unless you have created a custom config that uses enhdnsbl, you do not need to apply the patch or update sendmail."
Sendmail has their own announcement on this issue. If you're still on 3.2, you should consider upgrading to 3.3, anyhow, to enjoy the benefits of several other security and reliability enhancements.
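
One way to check whether a custom config is affected, as an added example that is not part of the original post: the script scans the sendmail .mc files passed to it for an active FEATURE(`enhdnsbl', ...) line. The function names are hypothetical, and the file paths are supplied by the caller rather than assumed.

```shell
#!/bin/sh
# Added example: report whether sendmail .mc files enable the enhdnsbl feature.
# Function names are hypothetical; no config path is assumed, pass your own.

# Print "file:line:text" for every active FEATURE(`enhdnsbl', ...) call.
# m4 "dnl" comments are stripped first so commented-out features do not count.
# This is a text heuristic: it does not follow include() directives.
find_enhdnsbl() {
    for mc in "$@"; do
        [ -r "$mc" ] || { echo "cannot read $mc" >&2; continue; }
        sed -E 's/(^|[^[:alnum:]_])dnl([^[:alnum:]_].*)?$/\1/' "$mc" |
            grep -nE 'FEATURE\([[:space:]]*`?enhdnsbl' |
            while IFS= read -r hit; do
                printf '%s:%s\n' "$mc" "$hit"
            done
    done
}

# Exit status 0 if any file enables enhdnsbl (the patch or update applies),
# 1 if none does.
uses_enhdnsbl() {
    [ -n "$(find_enhdnsbl "$@")" ]
}

# Stand-alone use: sh check.sh /path/to/your.mc [more.mc ...]
if [ "$#" -gt 0 ]; then
    if uses_enhdnsbl "$@"; then
        find_enhdnsbl "$@"
        echo "enhdnsbl is enabled: apply the patch or update sendmail"
    else
        echo "enhdnsbl not found in the given files"
    fi
fi
```

The check reads the .mc source, so run it against the file your sendmail.cf was actually built from.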