NYCPHP Meetup

[nycphp-talk] Bulletin Major Internet vulnerability discovered in e-mail protocol

Hans Zaunere hans at nyphp.org
Tue Mar 4 12:08:06 EST 2003


--- Kenneth Dombrowski <kenneth at ylayali.net> wrote:
> Hans Zaunere wrote:
> > --- Chris Shiflett <shiflett at php.net> wrote:
> > 
> >>You have to love headlines like that:
> >>
> >>"Major Internet vulnerability discovered in e-mail protocol"
> >>
> >>So, are we to assume that a vulnerability was found in the Internet
> >>(whatever that means)? Or, are we supposed to assume the vulnerability is
> >>in IMAP, SMTP, or POP?
> > 
> > 
> > Come on!
> > 
> > "Cyberspace is at risk once again as a horrible bug is eating it's way
> > through the Internet fabric, threatning millions of users and costing
> > billions of dollars."
> > 
> > Or at least that's how Dan Rather would put it :)
> > 
> > 
> >>This article is just talking about the sendmail vulnerability, if you can
> >>manage to read through the sensationalist BS. :-) It is definitely worth
> >>attention, however, and my systems are already patched.
> > 
> > 
> > Yes, I prefer alerts that aren't like reading a tabloid (albeit still not
> > that great):
> > 
> > http://www.cert.org/advisories/CA-2003-07.html
> > 
> > or better yet:
> > 
> >
>
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc
> > 
> 
> No kidding. I think it's higher-profile because it's the first[1] 
> vulnerability released under the Department of Homeland Security's newly 
> watchful eyes. The announcement I got from SANS reads like a press kit[2].
> 
> Are all new vulnerabilities going to be released this way?

I have a feeling, yes... at least for fairly important alerts.  The DOHS
certainly patted itself on the back on this one, and possibly slightly
deservingly.

But the media blows all security releases out of proportion.  The Slammer
worm came across as a threat to humanity, when in fact, if MSSQL admins would
have applied a critical patch available last June, there wouldn't be any
problem.

On the bright side, the media makes a big deal that a worm is loose in MS
land, while making a big deal when a risk is found in UNIX land; gives the
UNIX admins a nice heads up  :)

...

> [2] I would think it's OK to post this...
> ***********************************************************************
> Here's the DHS/NIPC Advisory

Wait... who's that knocking on your door!  :)

> 
> Remote Sendmail Header Processing Vulnerability
> 
> SUMMARY:
> 
> The Department of Homeland Security (DHS), National Infrastructure
> Protection Center (NIPC) is issuing this advisory to heighten
> awareness of the recently discovered Remote Sendmail Header Processing
> Vulnerability (CAN-2002-1337). NIPC has been working closely with
> the industry on vulnerability awareness and information dissemination.





More information about the talk mailing list