Re: lug-bg: Sendmail vulnerability
- Subject: Re: lug-bg: Sendmail vulnerability
- From: mano@xxxxxxxxxxxxx (Marian Popov)
- Date: Sun, 16 Feb 2003 20:47:16 +0200
Az nishto niama da kaja no procheti tova:
Tova e izvadka ot edin posting v grupata.
>
>
> Znchi... kato sme trygnali da opliuvame sendmail i da davamre primer za
> izpolzvaneto na qmail, mislia, che e po-spravedlivo ne da se vzirame v
> Yahoo i Hotmail i dr., a vav visokotehlnologichni firmi i organizacii s
> visoko nivo na sigurnostta! Zvena v koito ne obmeniat e-mail i kartichki,
> nito pyk se zanimavat s dostavka na internet za teenegeri snabdeni s
> computri-morgi i modemi ot rannia mezozoi!
>
> Mozhete da obhodite serverite na organizaciata na otbranitelnata sistema
> na Shtatite primerno, kato zapochente ot Los Alamoskata Nacionalna
> Laboratoria, v koiato sa sazdadeni vsichki vidove iadreno i termiiadreno
> orazhie, za koito mozhe da se setite...
>
> 220 mailproxy1.lanl.gov ESMTP Sendmail 8.11.6/8.11.6/(ccn-5); Fri, 16 Nov
> 2001 01:15:02 -0700
>
> Nivoto na mrehzova sigurnost tam e edno ot nai-visokite v sveta. Sami se
> seshtate zashto.
>
> ia da nadniknem i v drugia grybnak na otbranitelnata systema v LLNL:
>
> 220-InterScan Version 3.6-Build_1142 $Date: 01/18/2001 13:18:0007$: Ready
> 220 smtp-in-2.llnl.gov ESMTP Sendmail 8.9.3/8.9.3/LLNL-gateway-1.0; Thu,
15
> Nov 2001 23:01:16 -0800 (PST)
>
> Uveriavam vi, tam ne rabotiat nikak typi systemni administratori, zashtoto
> mrezhovata sigurnost tam e na nivo "paranoia". Razbira se na po-znaeshtite
> ot tiah i po-mozheshtite, koito iavno sa chelnove ne tozi poshtenski
spisak,
> pozhelavamm da se probvat da otidat da rabotiat tam. Edna greshka i ne
> prosto shte gi uvolniat, no shte otlezhat v zatvora tvurde dylgo vreme za
> da izliazat i poglait porasnalite si vnuci!
>
> Argonskaya Nacionalna Lbaoratoria sashto e sas sendmail! Tam se praviat
> izsledvania za neshta, do koito mnogo iskat da se dokopat...
>
> 220 dns2.anl.gov ESMTP Sendmail 8.9.1a/8.9.1; Fri, 16 Nov 2001 01:02:19
> -0600 (CST)
>
>
> Pentagona sashto polzva sendmail! Liubopiten sam dali tam spodeliat
> mneniata vi za dupkite v sendmail, razbira se, koito iska mozhe da im
> prepodade edin urok s primeri... Chuvalo se e, che tam ne izbirat
> administratori toku taka... imalo dosta tezhki izpiti na ocenka na
> znaniata im, osobeno v sigurnostta na software i mrezhi.
>
> 220 woodsm.pentagon.mil ESMTP Sendmail 8.10.2+Sun/8.10.2; Fri, 16 Nov 2001
> 02:04:03 -0500 (EST)
>
> Universiteta Berkeley, kadeto se razrabotvat sumati UNIX-i, i
> se praviat sumati strategicheski izsledvania za iadrenite programi,
> sashto polzva sendmail! A sega kazhete, che tam sa grupa glupaci, koito
> nishto ne razbirat ot mail-serveri
>
> 220 ack.Berkeley.EDU ESMTP Sendmail 8.9.3+Sun/8.9.3; Thu, 15 Nov 2001
> 23:10:35 -0800 (PST)
>
> Interesno e polizhenieto v MIT. Tam mai beshe sasredotocheno osnovnoto
> iadro computerni exprerti v Shtatite...
>
> 220 MIT.EDU ESMTP Sendmail (no collect or third party calls) at Fri, 16
Nov
> 2001 02:53:18 -0500 (EST)
>
> Proverete i v NATO. Po kriteriite na niakoi ot vas, tezi tuk sa sashto v
> grupata LAME-ri i ot skuka sa postavili sendmail za da gi probvat kak shte
> gi probiat
>
> 220 hq.nato.int ESMTP Sendmail 8.9.1/8.9.0; Fri, 16 Nov 2001 08:13:26
+0100
> (MET)
>
> Haide opitaite i v CERN. Mislia, che ot sazdatelite na WEB-a mozhem da
> se pouchim i shte ni e malko trudno da gi opliuem!
>
> 220 smtp3.cern.ch ESMTP Sendmail 8.11.6/8.11.6; Fri, 16 Nov 2001 08:14:31
> +0100
> (MET)
>
>
> V ostanalite podobni zvena otkrihme kakvi li ne drugi MTA (niakoi ot koito
> dori ne biah chuval), no nikade ne namerihme qmail... Silno se smaniavam,
che
> tezi hora na znaiat za sashtestvuvaneto mu.
>
> Za niakoi maniaci na FreeBSD shte kazha, che FreeBSD org se obsluzhva sas
> PostFix (220 hub.freebsd.org ESMTP Postfix (Postfix Rules!))
>
>
> Evropeiskata kosmicheska agencia polzva Sendmail. Tam se zavartat za
godina
> tolkova pari za komunikacii, kolkoto Yahoo i Hotmail zaedno ne sabirat za
> 1 godina. V ESA osven tova se experimentirat i novi tehnologii za kodirane
> na signali i kakvo li ne... Informaciata iztekla ot tam mozhe da struva
> miliardi!
>
> 220 esacom42.esoc.esa.de ESMTP Sendmail 8.9.2/8.9.2/ESA-ESOC-v1.8; Fri, 16
> Nov 2001 07:17:23 GMT
>
> 220 esacom44.estec.esa.nl ESMTP Sendmail 8.9.2/8.9.2/ESA-ESTEC-v1.2; Fri,
16
> Nov 2001 08:21:47 +0100 (MET)
>
> Firmata patentovala cryptoalgoritama IDEA i raboteshta v oblastta na
security
> v mehzdubankovite uslui v Shveicaria sashto polzva Sendmail. Ako tezi hora
ne
> sa naiasno kakvo praviat, mai za drugite tova izobshto ne mozhe da se
kazhe,
> che sa na iasno!
>
> 220 rubicon.hasler.ascom.ch ESMTP Sendmail 8.11.4/8.11.4; Fri, 16 Nov 2001
> 08:28:42 +0100 (MET)
>
> Evropeiskata banka za vastanoviavane i razvitie sashto raboti sas
sendmail:
>
> 220 ldn2imx1.ebrd.com ESMTP Sendmail 8.9.3/8.9.3; Fri, 16 Nov 2001
07:34:43
> GMT
>
> SUN Microsystems se sys sendmail (Opitaite si da mi kazhete, che adminite
im
> ne razbirat nishto ot MTA)
>
> 220 patan.sun.com ESMTP Sendmail ready at Fri, 16 Nov 2001 00:37:51 -0700
> (MST)
>
> Prozivoditelia na F-PROT sashto :
>
> 220 melona.complex.is ESMTP Sendmail 8.8.5/ISnet/Comp-97 ready at Fri Nov
16
> 07:40:21 2001
>
> RedHat sa na sendmail (Mandrake sa na PostFix)
>
> 220 mail.redhat.com ESMTP Sendmail 8.11.0/8.8.7; Fri, 16 Nov 2001 02:43:36
> -0500
>
> Slackware:
>
> 220 bob.slackware.com ESMTP Sendmail 8.11.6/8.11.6; Thu, 15 Nov 2001
23:40:31
> -0800
>
> LINUX.COM sashto e v lista na polzvatelite na Sendmai:
>
> 220-mailhub.linux.com ESMTP Sendmail 8.12.0.Beta19/8.12.0.Beta19; Fri, 16
Nov
> 2001 02:32:40 -0500
> 220-
> 220-Spam is prohibited here and any detected spam may be used in
prosecution
> 220-against the spammer. This sendmail setup uses PgSQL (postgres) for
most of
> 220-it's tables, for information on this, see
> 220 http://blue-labs.org/clue/sendmail.php
>
> LINUX.ORG i te sa taka:
>
> 220 ganymede.linux.org ESMTP Sendmail 8.11.6/8.11.6; Fri, 16 Nov 2001
> 02:32:43 -0500
>
> BSDI
>
> 220 services.ENG.BSDI.COM ESMTP Sendmail 8.11.6/8.11.6; Fri, 16 Nov 2001
> 02:03:16 -0600 (CST)
>
> OpenBSD
>
> Interner Software Consorcium (pisachite na BIND i DHCP):
>
> 220 isrv3.isc.org ESMTP Sendmail ready
>
> 220 cvs.openbsd.org ESMTP Sendmail 8.12.1/8.10.1; Fri, 16 Nov 2001
01:12:01
> -0700 (MST)
>
>
> Ima li smisal da prodalzhavam??? Az sashto ot 2 meseca izpolzvam qmail i
> ne sam vrag na qmail. No saglasete se, che opliuvaneto na sendmail po
> reflex izdava ne do tam golemi poznania...
=====================
Marian Popov
mano at pazardjik dot com
>
> Àäàø, èìàø òâúðäå ìíîãî âðåìå ÿâíî :) Åäâà óñïÿõ äà ïðî÷åòà
> êàêâî ñè íàïèñàë, íàïðàâî íå ìîãà äà ñè ïðåäñòàâÿ êàê ñè
> óñïÿë äà ãî íàïèøåø :) Ãðàôîìàíèèèè.
>
> À sendmail-a ñïîðåä ìåí ñè å crap. Òîâà å åäíà ïðîãðàìà,
> êîÿòî òîëêîâà ãîäèíè íå ìîãàò äà ÿ re-design-íàò òàêà ÷å
> äà ñòàíå ñèãóðíà è äà íå ñå íàëàãà âñåêè ïúò õîðàòà äà
> upgrate-âàò çàðàäè ïðîáëåìè ñúñ ñèãóðíîñòòà, ÷å åäèíñòâåíîòî
> îïðåäåëåíèå êîåòî ìîãà äà äàì çà òàêàâà ïðîãðàìà å - CRAP.
>
> Äà íå çàïî÷âàì ñ òîâà êîëêî å administrator friendly, íÿêîé
> ïî æåëàíèå äà ìè ïîñî÷è ïðîãðàìà, êîÿòî çà äà ìîæå íîðìàëåí
> ÷îâåê äà ñå ñïðàâè ñ êîíôèãóðèðàíåòî è, àâòîðèòå äà ñà
> èçìèëèëè îòäåëåí îïèñàòåëåí åçèê (m4) ?
>
> sendmail è wu-ftpd (íå ñå ïîëçâà âå÷å òîëêîâà, ñëàâà áîãó)
> ñà IMHO íàé-ëîøèòå íåùà ñ êîèòî ìîæå äà ñå ñáëúñêà ÷îâåê â
> åäíà UNIX ñèñòåìà. Äà íå çàáðàâÿìå è bind....íèùî ÷å ãî
> ïîëçâàì :)
>
> P.S. ×åñòèò ïðàçíèê íà âñè÷êè (íà ïàòåðèöè) áåç çíà÷åíèå êîé
> îò äâàòà ñòå ïðàçíóâàëè. Àç ëè÷íî ãè ïðàçíóâàõ è òðèòå :)
>
> --
> Georgi Chorbadzhiyski
> http://georgi.unixsol.org/
=====================
Marian Popov
mano at pazardjik dot com
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|