AUS-CITY Forums Computers & Software Security Bulletins and Virus Alerts Sendmail Trojan Horse Vulnerability

Who's Online Now

0 members (), 591 guests, and 24 robots.

Key: Admin, Global Mod, Mod

ShoutChat

Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.

KSC PAD 39A

KSC PAD 39B

TLE DATA

IDB.COM.AU
For all your TLE downloads.

May
S	M	T	W	T	F	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Today's Birthdays

There are no members with birthdays on this day.

AUS-CITY Recent Posts

James Webb Space Telescope chief scientist Jane Rigby receives highest US civilian award
by Webmaster - Thu 09 May 2024 04:50:PM

Gargantuan sunspot 15-Earths wide erupts with another colossal X-class solar flare (video)
by Webmaster - Thu 09 May 2024 04:41:PM

Historic space-baked cookie lands in the Smithsonian
by Webmaster - Thu 09 May 2024 03:30:PM

China launches 4 satellites on 1st flight of new Long March 6C rocket (video)
by Webmaster - Thu 09 May 2024 02:19:PM

'Star Trek: Discovery' season 5 episode 7 'Eirgah' is the best yet of this final season
by Webmaster - Thu 09 May 2024 02:18:PM

'I don't see any evidence of aliens.' SpaceX's Elon Musk says Starlink satellites have never dodged UFOs
by Webmaster - Thu 09 May 2024 02:00:PM

'Major lunar standstill' may reveal if Stonehenge is aligned with the moon
by Webmaster - Thu 09 May 2024 02:00:PM

White dwarfs are 'heavy metal' zombie stars endlessly cannibalizing their dead planetary systems
by Webmaster - Thu 09 May 2024 01:00:PM

SpaceX fires up Starship rocket for upcoming 5th test flight (photos, video)
by Webmaster - Thu 09 May 2024 12:00:PM

Ruko Veeniix V11 drone review
by Webmaster - Thu 09 May 2024 11:43:AM

AUS-CITY Latest Photos

Art By MA
by Alisa, July 27

"5greenheart" by MA
by Alisa, July 27

"3moons" by MA
by Alisa, July 27

Art By MA
by Alisa, July 27

Popular Topics(Views)

4,753,123 The most hated Government Department

3,145,508 UBI, Updates and the rest :-)

845,780 Access to new forum UBI and PBS Private

705,760 CYPRUS SAT ON AIR CH60

523,864 What can we expect of TV Plus ?

516,086 Department of Child Safety's most shameful office

435,219 UBI vs DigiTurk - Turkish Package Changes

349,310 TARBS WAS SCREWED!!!!

343,018 Moderate 4.4 quake hits near Gisborne, Gisborne District, New Zealand

327,715 aussiefrogs.com offline

AUS-CITY Earthquake Map

AUS-CITY Advertisements

Print Thread

Rate Thread

Sendmail Trojan Horse Vulnerability #27943 Sun 20 Oct 2002 10:52:AM
Joined: Feb 2001 Posts: 3,536 Ontario, Canada VA3DBJ OP Mission Commander
OP VA3DBJ Mission Commander Joined: Feb 2001 Posts: 3,536 Ontario, Canada	Sendmail Trojan Horse Vulnerability<br />Risk <br />High<br /><br />Date Discovered <br />10-08-2002<br /><br />Description <br /><br />Reportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code from ftp.sendmail.org between September 28, 2002 and October 6, 2002 likely contain the trojan code.<br /><br />It has also been reported that versions of sendmail available via HTTP distribution on the Sendmail Consortium site are not affected.<br /><br />Reports say that the trojan will run once upon compilation of sendmail. Once the Trojan is executed, it attempts to connect to host spatula.aclue.com (66.37.138.99) on port 6667.<br /><br />Although unconfirmed, it has been reported that the service listening on port 6667 of host spatula.aclue.com (66.37.138.99) has been disabled.<br /><br />The Sendmail Consortium has signed all valid distributions of the sendmail software with the following PGP key:<br /><br />pub 1024R/678C0A03 2001-12-18 Sendmail Signing Key/2002 <br />Key fingerprint = 7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45 <br /><br />Additionally, the following checksums have been made available to verify packages against:<br /><br />73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz<br />cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z<br />8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig <br />Components Affected <br />Sendmail Consortium Sendmail 8.12.6 <br /><br />Recommendations <br />Block external access at the network boundary, unless service is required by external parties.<br />Filter untrusted network traffic at border routers and network firewalls.<br /><br />Run all server processes as non-privileged users with minimal access rights.<br />Perform all tasks with the minimal privileges possible to perform task.<br /><br />The vendor has stated that the versions served via HTTP download are not affected, and the valid versions of sendmail for downloaded from http://www.sendmail.org. They are available from the normal distribution channels and have the following MD5 checksums:<br /><br />73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz<br />cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z<br />8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig<br /><br />Additionally, they are signed with the Sendmail Consortium PGP Key. <br />Sendmail Consortium Sendmail 8.12.6: <br /><br />References <br />Source: CERT CA-2002-28 Trojan Horse Sendmail Distribution <br />URL: http://online.securityfocus.com/advisories/4541 <br /><br />Source: Re: CERT Advisory CA-2002-28 Trojan Horse Sendmail <br />URL: msg://bugtraq/Pine.GSO.4.44.0210081944270.18276-100000@mindsec.com <br /><br />Source: Sendmail Homepage <br />URL: http://www.sendmail.org/ <br /><br />Credits <br />Advisory released by CERT.