
Re: Strange RHEL4 U3 Behavior



On Fri, 2006-03-24 at 15:30 -0700, Ed Brown wrote:
> Have you updated sendmail for the recent remote vulnerability?  Perhaps
> someone was trying to (did?) exploit it.  Or possibly the update has
> introduced a problem...   

I actually even thought about this, however, it seems fairly unlikely.
For one, based on our analysis of the logs there were actually no active
connections at the time the system failed.  Also, even though the system
acts as an anti-virus/spam filter, it's actually the third relay in a
multi-level system.  Mail has to pass a commercial application-level
SMTP firewall, a commercial anti-spam/anti-virus system which does store
and forward before it is even forwarded to this system.  In other words,
at no time is a direct connection from the Internet to this system even
possible and I'm pretty sure the recent exploit required a direct TCP
connection, right (it required a user to be able to control the timing I
think)?

Still a good thought, I had the same one, and I guess I still can't rule
it out 100% since I don't know exactly what was required for the
exploit.

Thanks,
Tom


