SMTP Outdated

Vulnerability Description

Brief description: The sendmail daemon is outdated.

Full description: The sendmail daemon is outdated. Older versions of sendmail have many problems, including security holes. The most recent version has such holes patched.

Components: sendmail (any version)

Systems: UNIX variants

Effect(s) of exploiting: Exact effect depends on the version of sendmail involved.

Detecting the hole:

    1. Check to see if sendmail is running. Then look at sendmail.org to see whether you have the latest version.
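One way to script that check for a host you administer is to read the version out of the SMTP greeting and compare it with a baseline. This is an added example, not part of the original entry; the function names, the sample greetings and the BASELINE value are constructed placeholders, and the real baseline is whatever sendmail.org currently lists.

```shell
#!/bin/sh
# Added example: compare the sendmail version in an SMTP greeting to a baseline.

# Print the version from a "220 ... Sendmail <version>" greeting, or nothing.
# Admins can customise the greeting, so no match means "unknown", not "safe".
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^220[ -].*[Ss]endmail \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when dotted version $1 is strictly older than $2. Components are
# compared numerically, so 8.9.3 sorts before 8.10.1.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Classify one greeting against baseline $2:
# prints "unknown", "outdated <version>" or "current <version>".
classify_banner() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then echo "unknown"
    elif version_lt "$v" "$2"; then echo "outdated $v"
    else echo "current $v"
    fi
}

# Constructed sample greetings; BASELINE is a placeholder, not the real latest.
BASELINE=8.10.1
for banner in \
    '220 mx.example.org ESMTP Sendmail 8.8.4/8.8.4; Wed, 28 Jun 2000 10:00:00 -0700' \
    '220 old.example.org Sendmail 5.65/1.0 ready' \
    '220 relay.example.org ESMTP Sendmail 8.10.1/8.10.1; Wed, 28 Jun 2000 10:00:01 -0700' \
    '220 quiet.example.org ESMTP'
do
    classify_banner "$banner" "$BASELINE"
done
```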

Fixing the hole:

    1. If the extensive features of sendmail are not all necessary, install a different SMTP server that more closely follows the KISS (Keep It Simple Stupid) principle. Example mail daemons designed to meet this principle are qmail by Dan Bernstein and postfix by Wietse Venema.

Other information:

Keywords

sendmail

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

Exploit Information

Attack:

Related Information

Advisories: Some example advisories are: CERT advisories CA-97.05, MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4, CA-96.25, Sendmail Group Permissions Vulnerability, CA-96.24, Sendmail Daemon Mode Vulnerability, and CA-96.20, Sendmail Vulnerabilities; ISS X-Force database entries hp-sendmail-connect-dos, smtp-sendmail-version5; and so forth.

Related Vulnerabilities:

Reportage

Reporting: various people in various places

Revision Number 1

  1. leblanc (6-28-00):
    initial entry