
Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)



> How do you determine which version you have of any program? I can't seem to
> find Help > About   ;)

Tricky one to answer really.  One of the first things I'd suggest is
looking at the man page for the program ... many support command
line options like "--help" or "-V" which dump various information then
exit without invoking the program fully.  Some man pages will also have
the current version of the program shown in them somewhere, though this
doesn't seem to be particularly common.

Other than that, you can look at the RPM packages that are installed, say
via "rpm -qa | grep sendmail".  You'll get a response along the lines of
"sendmail-1.2.3" where the numbers are the version.  Note, though, that if
you've manually compiled up a tarball and installed it over a package,
this isn't going to give a correct response, as it's reading the package
database, not the program binary.

For daemons, you can have a peek at the logs; most dump version
information to their respective log files upon startup.

If you're feeling incredibly lucky, as a last resort you can try dumping
all the strings out of a binary via the "strings" command and hoping that
the version string will be recognisable.

Hope that helps,

John.
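
The checks described in the message above can be combined into one cross-check. This is an added example, not part of the original message: it compares the version recorded in the RPM database for a file with the version-like strings found in the binary itself, which catches the case where a manual build was installed over a package. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message). Cross-checks the version in
# the RPM database against version-like strings inside the binary itself.

# Print version-like tokens (e.g. 8.11.6) found in a file's printable strings.
# Uses strings(1) when available, otherwise a tr-based equivalent.
binary_versions() {
    if command -v strings >/dev/null 2>&1; then
        strings -a "$1"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$1"
    fi | grep -E -o '[0-9]+(\.[0-9]+)+[0-9A-Za-z_-]*' | sort -u
}

# Print the version the RPM database records for the package owning a file.
# Prints nothing if rpm is absent or no package owns the file.
package_version() {
    command -v rpm >/dev/null 2>&1 || return 0
    v=$(rpm -qf --queryformat '%{VERSION}\n' "$1" 2>/dev/null) || return 0
    printf '%s\n' "$v" | head -n 1
}

# Succeed if the binary contains exactly the given version string.
version_in_binary() {
    binary_versions "$1" | grep -F -x -q -- "$2"
}

# Report whether the package database and the binary agree.
# A mismatch is a prompt to investigate, not proof: some programs do not
# embed their version string in the main binary at all.
audit_binary() {
    pkg=$(package_version "$1")
    if [ -z "$pkg" ]; then
        echo "$1: no RPM record; version-like strings in the binary:"
        binary_versions "$1"
    elif version_in_binary "$1" "$pkg"; then
        echo "$1: RPM database says $pkg and the binary contains that string"
    else
        echo "$1: RPM database says $pkg but the binary does not contain it"
    fi
}

# Usage: sh check_version.sh /path/to/binary
if [ "$#" -gt 0 ]; then
    audit_binary "$1"
fi
```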