Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability

[Harald Kapper <hk@xxxxxxxxxx>]

On Tue, 04 Mar 2003 10:07:16 GMT, you wrote:

>Thank you for the painless patch for the 550s. 
>
>Any plans to make one for a raq2? If not, do you recommend installing 
>sendmail 8.12.8 from an rpm or patching the version 8.9.3 that our raq2 runs 
>and recompiling it? 
>
>Thanks, Julian 

hi,
as I maintain a whole bunch of raq2-boxes, I've setup a patched 8.11.6 here
http://www.knet.at/~hk/raq2/

please do only modify your system if you know what you're doing, otherwise
instruct some professional to do it for you - honestly - this saves time + money.

it's 8.11.6 because some features faded out in 8.12 that the raq2 still
relays on (I guess I remember auto-reloadling alias-files as one of these).

the 8.11.6 located at the above url was originally built 2001 - so it is
hardened and tested on our raq2-setups, the patch was applied this morning (CET)
and the executable was recompiled then and deployed - so far our systems work.

this of course makes no warranty that it will work for you.

if anyone got the time to make a pkg (and some users could confirm it works on their raq2's)
I'd be grateful.

best,
Harald Kapper, icq# 36178328         kapper.net, inc.
managing director                    loeblichgasse  6
chief software development           1090 vienna, .at
tel +43 1 3195500-0, fax +43 1 3195502, hk@xxxxxxxxxx