Changing the version broadcasted by Sendmail

MKlinke mklinke at axsi.com
Wed Sep 22 21:59:23 UTC 2004


On Wednesday 22 September 2004 16:41, Reuben D. Budiardja wrote:
> Hello,
> I am having some problem with my campus network administrator /
> ISP complaining that I am running vulnerable versions of sendmail
> on our older machines (redhat 7.3 and 9), since the version
> broadcasted by sendmail is < 8.12.10, which according to sendmail
> website fixed a security vulnerability.
>
> I checked RHN errata and I know that Redhat already backported
> the security fix for that problem before the EOL of RH 9 and 7.3,
> so my sendmail versions are not vulnerable. It's just Redhat did
> not change their sendmail version from 8.11.x to 8.12.x.
>
> I explained this to them and they didn't believe it. They can't
> even believe that Redhat as a vendor would fix any vulnerability
> found in sendmail, and they insist that they go by what's in
> Sendmail website and that I have to upgrade my sendmail. Well I
> don't want to do that since I know I am not vulnerable. Even
> fedoralegacy does not have any more fixes for Sendmail.
>
> So my question, is there any way that I can change the version
> broadcasted by sendmail, so that for example when I do 'telnet
> machine 25' I get the 'required' version (ie. 8.12.11 or
> whatever) ? I assume something like that is what the network
> admin people here do to check the version of sendmail that I'm
> running.
>
> Any suggestion ? Anyone's been in similar situation before ? what
> do you do in that case ? Any respond will be appreciated.
>
> Thanks.
> RDB

Are your school's administrators proficient enough to understand the 
CVE (cve.mitre.org) designations?  If so, just point them to the RH 
errata pages; e.g. https://rhn.redhat.com/errata/RHSA-2003-283.html 
which shows fixes in each package.

The RH9 errata is here: 
https://rhn.redhat.com/errata/rh9-errata.html

and the RH7.3 errata is here:
https://rhn.redhat.com/errata/rh73-errata.html

Regards, Mike Klinke





More information about the redhat-list mailing list