OpenBSD Journal

sendmail trojan

Contributed by jose on from the crypto-verify dept.

ycel writes:
"The sendmail package version 8.12.6 contains an OpenSSH-like trojan. This issue is on the CERT site at CA-2002-28. Is openbsd-current sendmail source infected with this trojan?"
OpenBSD shouldn't be affected by this, as the Sendmail sources are only updated every now and then. However, some admins who used home-rolled Sendmail installations may be affected. Note that the modified distfile was up and available for several days (unlike the OpenSSH Trojan, which was fixed in under a day).



Comments
  1. By Arrigo Triulzi () on http://www.alchemistowl.org/arrigo

    Note that the trojan is actually active only during the install phase. What this means is that the binary which is actually built is apparently not trojanised.

    You are vulnerable during the installation process when a process opens up a connection on the usual 6667/tcp.

  2. By Anonymous Coward () on

    http://marc.theaimsgroup.com/?l=openbsd-misc&m=103413593205960&w=2

  3. By Anonymous Coward () on

    The OpenSSH trojan was available for multiple days.

  4. By Josh () selerius@codefusion.org on http://www.codefusion.org

    Since this is the second time this has happened, and probably not the last time, do we have any kind of methods of preventing this, or eliminating this from happening? I am leaning more towards a program/daemon that actively monitors pgp/md5 keys X times a day, based on a list of last known signatures. When it finds one, it lets someone know. I don't know if this would be a good idea or not, but I was just thinking about this incident and the openssh incident, maybe the idea is good, maybe I should just STFU.
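A sketch of the monitor proposed in comment 4, as an added example that is not part of the original thread or of any project's code: it re-hashes each distfile as currently served and alerts when a file published under the same name no longer matches its last known digest. It assumes SHA-256 in place of MD5, a hypothetical `fetch` hook standing in for the mirror download, and a hypothetical file name; the sample bytes are constructed.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_distfiles(known, fetch, names):
    """Compare each distfile as currently served against its last known digest.

    known: dict name -> hex digest recorded on an earlier run (updated in place)
    fetch: callable name -> bytes, or None if the file is gone (hypothetical
           hook; a real monitor would download from the mirror here)
    Returns a list of (name, status, detail) alerts; empty means no change.
    """
    alerts = []
    for name in names:
        data = fetch(name)
        if data is None:
            alerts.append((name, "MISSING", "file no longer served"))
            continue
        digest = sha256_hex(data)
        pinned = known.get(name)
        if pinned is None:
            # First sighting: record it, but flag it so a human checks the
            # digest against the vendor's signed announcement.
            known[name] = digest
            alerts.append((name, "NEW", digest))
        elif digest != pinned:
            # A released tarball must never change under the same name.
            # The pin is deliberately left untouched until someone investigates.
            alerts.append((name, "CHANGED", f"expected {pinned}, got {digest}"))
    return alerts

# Constructed sample data: a clean file and the same file with content appended.
GOOD = b"constructed stand-in for a clean release tarball\n"
BAD = GOOD + b"constructed stand-in for an altered build script\n"
NAME = "example-1.0.tar.gz"  # hypothetical distfile name

def demo():
    known = {}
    first = check_distfiles(known, {NAME: GOOD}.get, [NAME])
    same = check_distfiles(known, {NAME: GOOD}.get, [NAME])
    swapped = check_distfiles(known, {NAME: BAD}.get, [NAME])
    gone = check_distfiles(known, {}.get, [NAME])
    return [a[0][1] if a else "OK" for a in (first, same, swapped, gone)]

if __name__ == "__main__":
    print(demo())
```

A monitor like this only catches a swap that happens after the first recorded digest; the first sighting still has to be checked against a signature or checksum obtained through a separate channel.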

  5. By strlen () alex@strlen.net on mailto:alex@strlen.net

    You mean there's still people using sendmail? I think sendmail.cf alone should be reason enough to switch to a much better MTA, such as exim or postfix. Personally I prefer to use postfix on smaller sites, and exim on larger sites. Postfix works excellently with OpenBSD, and of course it's in ports.
