Re: lug-bg: Sendmail vulnerability
- Subject: Re: lug-bg: Sendmail vulnerability
- From: danchev@xxxxxxxxx (George Danchev)
- Date: Sat, 15 Feb 2003 19:30:08 +0200
On 15 02 2003 01:21, Georgi Chorbadzhiyski wrote:
> Konstantin Angelov wrote:
> > Just an FYI. Check for a patch more often from now on - it is not known
> > exactly when this information will officially be made public
> >
> >
> > [snip]
> >
> > [02:35pm]<rrognlie> hey
> > [02:35pm]<rrognlie> yes, I know
> > [02:35pm]<rrognlie> and I've been sworn to not reveal anything until
> > either 1) it
> > leaks through back channels
> > [02:36pm]<rrognlie> or 2) it gets released publicly...
> > [02:36pm]<rrognlie> it's nasty.
> > [02:36pm]<rrognlie> s/nasty/potentially/
> > [02:36pm]<jeffw> any idea when we'll see a patch?
> > [02:36pm]<rrognlie> the patch is done
> > [02:36pm]<rrognlie> but we can't release it until it's announced
> > [02:37pm]<jeffw> patch only to 8.12?
> > [02:37pm]<scottm> how far back is sendmail affected?
> > [02:37pm]<rrognlie> nope... 8.8, 8.9, 8.10, 8.11, 8.12
> > [02:37pm]<jeffw> this is gonna be ugly
> > [02:37pm]<rrognlie> yes
> > [02:37pm]<scottm> <expletive deleted>
> > [02:37pm]<rrognlie> "there are national security issues that need to be
> > addressed
> > before it's announced"
> > [02:38pm]<jeffw> you're kidding?
> > [02:38pm]<rrognlie> the patch protects not only the MTA, but any
> > downstream MTAs
> > (which is nice)
> > [02:38pm]<mike_> "whitehouse.gov needs to patch their servers"
> >
> > [/snip]
So it is very good that a warning was given...
> Or, to make it easier, don't use this piece of crap, called "sendmail"
> for the sake of euphony.
Eh Georgi, you are settling things superficially again ... I will give you a
few examples with which you refute yourself, or more precisely in the style of
"your own stones on your own head", since that is easier ;-)...
Here, for example,
http://www.mail-archive.com/lug-bg@xxxxxxxxxxxxxxxxxx/msg12573.html
the question is about bugs in other software such as Apache, OpenSSL, OpenSSL,
PHP, which were of course fixed as soon as possible..... and as you yourself
say, "There will always be software updates" ...
Well, in the same way Sendmail will get updated too, and any other software
that needs it and requires it... Open Source wins mainly through the speed and
accuracy with which problems are solved, and any software (regardless of what
form it takes) can have problems.
I don't know why bob.slackware.com also seems to use Sendmail, as far as I can
see, or maybe I have got something mixed up. Besides, in Slackware's
PACKAGES.TXT I see there is _only_ Sendmail, with the
description "Eric Allman's mail transport agent. The _Unix System
Administration Handbook_ calls sendmail 'The most complex and complete mail
delivery system in common use...' "... So is it you who got something mixed
up, or is the Slackware Team (or The _Unix System Administration Handbook_)
distributing and recommending crappy software, as you put it ???... Why
don't you teach these people too ;-)
(for a quick reference, apt-get install mail-transport-agent, to see what it
returns to you, muahahaha)
Now there are many good alternatives such as postfix, exim, qmail..., but
Sendmail is simply not for everyone. On the other hand, the fact that someone
does not use Sendmail but something else does not mean that he does not
understand it... So don't give advice to those who know how to use it, and
leave that concern to them ... They are usually your mail hubs ;-). I am not
saying that I use Sendmail, mainly because I don't understand it, but I don't
give advice on whether and how to use it to those who know how to use it, and
there is definitely a difference between those two things... Quite a few
people try to look great by showing how much they understand through trashing
complex software like Sendmail, but in fact they are not even up to trashing
it, because they don't know what exactly to trash and they end up in
weightlessness...
You say things very lightly and carelessly..., it is very easy for you (as
you were also told by someone else ;-)... And this comment of yours is a
masterpiece, have mercy please ;-)
http://www.linux-bg.org/cgi-bin/y/index.pl?page=comment&id=devs&key=348385951&cmtkey=348385951_348394356#comment_info
"not apples, but apples", are we going to learn English now, or a sense of
humor ;-) ... it doesn't really suit people who teach to make such
flippant statements ... it comes across as rather shallow, and it is not even
fit for BASIC ... ;-)
P.S. I hope I wasn't too much of a "bad boy" ;-) , I'm toning it down ;-)
--
Greets,
fr33zb1
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================