Trojan-modified Sendmail floating around - 8.12.6 - Since Sept. 28th or earlier.

Bill Stewart bill.stewart at pobox.com
Tue Oct 8 18:45:13 PDT 2002


Somebody backdoored the source code for Sendmail on the official server.
So if you recompile from scratch, your sendmail is 0wned.
Another reason not to run mail systems as root....

http://rss.com.com/2100-1001-961311.html?type=pt&part=rss&tag=feed&subj=news

By  Robert Lemos
Staff Writer, CNET News.com
October 8, 2002, 5:57 PM PT

Some copies of a popular mail-server program are implanted with a back door 
that could allow access to Internet attackers, security experts warned Tuesday.

A Computer Emergency Response Team (CERT) Coordination Center advisory said 
that illicit code added to the Sendmail package creates a back door when 
the program is compiled from its source code. Such a compromised 
program--called a Trojan horse by security experts--can leave networks 
exposed to attack and administrators unaware of the vulnerabilities.

The source code files of Sendmail 8.12.6 were apparently modified as far 
back as Sept. 28, according to the advisory. The Sendmail Consortium 
http://www.sendmail.org  removed file transfer protocol (FTP) access to the 
server on Sunday. A safe version of the file can still be downloaded via 
the Web.

"If you download the Sendmail distribution you MUST verify the PGP 
signature," stated the consortium on its site. "Do NOT use Sendmail without 
verifying the integrity of the source code."

The added code links to a specific server on the Internet, said CERT in its 
advisory. The security group also recommends that anyone who downloads 
Sendmail verify the file's integrity.

Because only the act of compiling the file activates the hostile program 
code, restarting the Sendmail server seems to deactivate the backdoor





More information about the cypherpunks-legacy mailing list