Has anybody else been seeing a lot of sendmail segfaults since Yesterday? I got over 2300 yesterday alone, and haven't got done counting todays.
Scott Silva schrieb:
Has anybody else been seeing a lot of sendmail segfaults since Yesterday? I got over 2300 yesterday alone, and haven't got done counting todays.
You are maybe target of an attack using a known vulnerability of Sendmail < 8.13.8.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4434
Alexander
Alexander Dalloz spake the following on 9/18/2006 4:14 PM:
Scott Silva schrieb:
Has anybody else been seeing a lot of sendmail segfaults since Yesterday? I got over 2300 yesterday alone, and haven't got done counting todays.
You are maybe target of an attack using a known vulnerability of Sendmail < 8.13.8.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4434
Alexander
Is there a good repo with a newer sendmail than in CentOS 4.4?
Scott Silva schrieb:
Is there a good repo with a newer sendmail than in CentOS 4.4?
http://www.city-fan.org/ftp/contrib/mail/
Alexander
At 07:44 PM 9/18/2006, Scott Silva wrote:
Alexander Dalloz spake the following on 9/18/2006 4:14 PM:
Scott Silva schrieb:
Has anybody else been seeing a lot of sendmail segfaults since Yesterday? I got over 2300 yesterday alone, and haven't got done counting todays.
You are maybe target of an attack using a known vulnerability of Sendmail < 8.13.8.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4434
Alexander
Is there a good repo with a newer sendmail than in CentOS 4.4?
Note that RedHat has been back-porting patches into sendmail 8.12.x rather than supplying 8.13.x as a bug fix. As a result, the patched 8.12.x might not be vulnerable to issues despite CVE statements that all versions before X are vulnerable. That said, I haven't looked to see if RedHat has indeed patched up sendmail to deal with this particular vulnerability.
This also points out one of my concerns with the RHEL distribution (we have lots of copies we pay RH for, and a few we use CentOS for). For some packages, we'd REALLY like a choice of staying on the present train, or moving forward. In our case, sendmail-8.13 would be useful, and php-5.x would be useful. If there were the possibility of getting those -- including bug fixes for security updates via normal patch installation methods -- we would be much happier.
This also points out one of my concerns with the RHEL distribution (we have lots of copies we pay RH for, and a few we use CentOS for). For some packages, we'd REALLY like a choice of staying on the present train, or moving forward. In our case, sendmail-8.13 would be useful, and php-5.x would be useful. If there were the possibility of getting those -- including bug fixes for security updates via normal patch installation methods -- we would be much happier.
postfix :P
Except for one security issue and one DOS way back in time, postfix has been pretty good when it comes to security issues; being as it is written by a security expert.
The latest RHEL postfix is 2.2.10 which brings along a lot of lovely features and it is also a complete dropin for sendmail.
Or you can become a sendmail expert and package your own up to date sendmail.
At 10:49 PM 9/19/2006, Feizhou wrote:
This also points out one of my concerns with the RHEL distribution (we have lots of copies we pay RH for, and a few we use CentOS for). For some packages, we'd REALLY like a choice of staying on the present train, or moving forward. In our case, sendmail-8.13 would be useful, and php-5.x would be useful. If there were the possibility of getting those -- including bug fixes for security updates via normal patch installation methods -- we would be much happier.
postfix :P
Except for one security issue and one DOS way back in time, postfix has been pretty good when it comes to security issues; being as it is written by a security expert.
The latest RHEL postfix is 2.2.10 which brings along a lot of lovely features and it is also a complete dropin for sendmail.
Actually, postfix is not a complete dropin for sendmail. There are a number of items it does not do the same way, so if you've got extensive configurations and adjustments, there are differences.
I don't disagree postfix is interesting and useful, and has matured well. But there are differences in using it.
Or you can become a sendmail expert and package your own up to date sendmail.
We do much with modified configurations, we just prefer to rely on redhat to port and test the bug fixes on the sendmail binaries, as the sendmail.org folks seem to release many releases, and we just don't have the bandwidth to track them and rebuild for our servers as they come up. You could make the same argument for PHP, Apache and a dozen other core application components as "things we should just package ourselves" but we might also need a bit of time in our lives to run the business, rather than building tools. This is why we pay RedHat for bug fixes on our production servers.
In talking with a RedHat person at LinuxWorld, they seemed to be getting this feedback from a lot of folks (wanting newer packages, supported, on stable versions of RHEL). Sounded like they were open to the idea, if not sure how they'd actually implement such.
On Wednesday 20 September 2006 08:26, Daniel Senie wrote:
We do much with modified configurations, we just prefer to rely on redhat to port and test the bug fixes on the sendmail binaries, as the sendmail.org folks seem to release many releases, and we just don't have the bandwidth to track them and rebuild for our servers as they come up. You could make the same argument for PHP, Apache and a dozen other core application components as "things we should just package ourselves" but we might also need a bit of time in our lives to run the business, rather than building tools. This is why we pay RedHat for bug fixes on our production servers.
well, in CentOS we have centosplus and the dev/testing centos repo with some packages updated. I use php5 and recently openldap 2.3 in some servers, the first one by necesity ,the second one is for testing purposes
In talking with a RedHat person at LinuxWorld, they seemed to be getting this feedback from a lot of folks (wanting newer packages, supported, on stable versions of RHEL). Sounded like they were open to the idea, if not sure how they'd actually implement such.
maybe like ubuntu, that have a backport repository that backport newer packages from the upstream/testing releases. the apt system will manage very well the configuration problems to minimize the downtime of a critical server for a newer version and newer configuration. In FC4 and FC5 finally redhat have a clean system to upgrade from a release to another without pain. Maybe this can be the path too.
-- Black Hand Amiga Addicts
Scott Silva schrieb:
Has anybody else been seeing a lot of sendmail segfaults since Yesterday? I got over 2300 yesterday alone, and haven't got done counting todays.
You are maybe target of an attack using a known vulnerability of Sendmail < 8.13.8.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4434
Alexander
Is there a good repo with a newer sendmail than in CentOS 4.4?
Hi Scott,
I am interested in a feedback whether someone really tried to DoS your MX by misusing the Sendmail error described in the CVE.
Alexander
Alexander Dalloz spake the following on 9/20/2006 7:23 AM:
Scott Silva schrieb:
Has anybody else been seeing a lot of sendmail segfaults since Yesterday? I got over 2300 yesterday alone, and haven't got done counting todays.
You are maybe target of an attack using a known vulnerability of Sendmail < 8.13.8.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4434
Alexander
Is there a good repo with a newer sendmail than in CentOS 4.4?
Hi Scott,
I am interested in a feedback whether someone really tried to DoS your MX by misusing the Sendmail error described in the CVE.
Alexander
I used the sendmail rpms from City-fan.org, but I was still having problems. Tried tracing what was causing the problem, but could not find any culprit. I had added mimedefang about 10 days ago, but I disabled it and still problems. Then the system started showing scsi bus resets and hangs... Now the true culprit might be showing its face. I found a corrupted journal, and fsck the drive, and things seem to be quiet. This is the last system I use an adaptec sata-raid card in. When the system was new, I lost 2 drives in a 6 drive raid-5 array. Might as well been all six, as the system was trashed. Now this... glad that the backup systems have 3ware's. Maybe I will have to migrate this system to a 3ware. When I have time and can convince the PHB's that it is the problem.
Scott Silva schrieb:
I used the sendmail rpms from City-fan.org, but I was still having problems. Tried tracing what was causing the problem, but could not find any culprit. I had added mimedefang about 10 days ago, but I disabled it and still problems. Then the system started showing scsi bus resets and hangs... Now the true culprit might be showing its face. I found a corrupted journal, and fsck the drive, and things seem to be quiet. This is the last system I use an adaptec sata-raid card in. When the system was new, I lost 2 drives in a 6 drive raid-5 array. Might as well been all six, as the system was trashed. Now this... glad that the backup systems have 3ware's. Maybe I will have to migrate this system to a 3ware. When I have time and can convince the PHB's that it is the problem.
Thanks for sharing this information.
Alexander
-
Alexander Dalloz -
Black Hand -
Daniel Senie -
Feizhou -
Scott Silva