From owner-freebsd-security Fri Aug 14 10:03:59 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA27658 for freebsd-security-outgoing; Fri, 14 Aug 1998 10:03:59 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA27645 for ; Fri, 14 Aug 1998 10:03:52 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id NAA05937; Fri, 14 Aug 1998 13:03:18 -0400 (EDT) (envelope-from wollman) Date: Fri, 14 Aug 1998 13:03:18 -0400 (EDT) From: Garrett Wollman Message-Id: <199808141703.NAA05937@khavrinen.lcs.mit.edu> To: Satya Palani Cc: security@FreeBSD.ORG Subject: Re: Sendmail greeting In-Reply-To: References: <199808140111.VAA02156@khavrinen.lcs.mit.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: >> 220 khavrinen.lcs.mit.edu ESMTP server ready at Thu, 13 Aug 1998 21:10:03 -0400 (EDT) >> >> ...which doesn't leak any version information at all. > Of course, the version number is still being broadcast through the > headers. Take this message, for example: That doesn't bother me -- the attacker would have to find mail messages from me, which were archived without the usual header stripping. `mscan' doesn't know how to do this -- it might learn how to exploit future sendmail flaws. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message