|   | CIAC Advisory number A- 16NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
 
 FOR    OFFICIAL    DOE    USE    ONLY
 ________________________________________________________________________
 THE COMPUTER INCIDENT ADVISORY CAPABILITY
 
 CIAC
 
 INFORMATION BULLETIN
 ________________________________________________________________________
 
 Vulnerability in SUN sendmail program
 
 January 29, 1990, 0900 PST                            	Number A-16
 
 CIAC has been advised of a new vulnerability in the SUN sendmail
 program.  This vulnerability (SUN bug #1028173) exists in all versions
 of SUN OS (version 4.1, 4.0.3 on SUN 3, SUN 4, as well as SUN 386i
 systems, for which version 4.0.2 is the most current version).  This
 vulnerability has been exploited in several recent Internet breakins.
 
 You may obtain a patch directly from SUN by calling (800) USA-4SUN, or
 may obtain SUN 3 and 4 sendmail binaries using anonymous FTP from
 uunet.uu.net in the /sun-fixes directory.  CIAC can also provide you
 with a patch for this vulnerability.
 
 Recent versions of UNIX systems other than SUN OS systems contain a
 sendmail fix.  CIAC encourages you to consult with your vendor about
 upgrading to a recent release if the version you are running does not
 have this fix.
 
 If you have questions, please contact CIAC.
 
 Tom Longstaff
 (415) 423-4416 or (FTS) 543-4416
 FAX: (FTS) 543-0913 or (415) 294-5054
 
 CIAC's business hours phone number is (415) 422-8193 or (FTS)
 532-8193.  CIAC's 24-hour emergency hot-line number is (415) 971-9384.
 If you call the emergency number and there is no answer, please leave
 a voice mail message.  Someone will return your call promptly.  You may
 also send e-mail to:
 
 [email protected]
 
 This bulletin is based on information supplied by the Computer
 Emergency Response Team Coordination Center.  Neither the United
 States Government nor the University of California nor any of their
 employees, makes any warranty,  expressed or implied, or assumes any
 legal liability or responsibility for the accuracy, completeness, or
 usefulness of any information, product, or process disclosed, or
 represents that its use would not infringe privately owned rights.
 Reference herein to any specific commercial products, process, or
 service by trade name, trademark manufacturer, or otherwise, does not
 necessarily constitute or imply its endorsement, recommendation, or
 favoring by the United States Government or the University of
 California.  The views and opinions of authors expressed herein do not
 necessarily state or reflect those of the United States Government nor
 the University of California, and shall not be used for advertising or
 product endorsement purposes.
 
 |   |