From owner-freebsd-security Fri Aug 14 15:12:30 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id PAA25249
    for freebsd-security-outgoing; Fri, 14 Aug 1998 15:12:30 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (aniwa.actrix.gen.nz [203.96.56.186])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA25221
    for ; Fri, 14 Aug 1998 15:12:20 -0700 (PDT)
    (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost)
    by aniwa.sky (8.8.7/8.8.7) with SMTP id KAA05433;
    Sat, 15 Aug 1998 10:09:30 +1200 (NZST)
    (envelope-from andrew@squiz.co.nz)
Date: Sat, 15 Aug 1998 10:09:29 +1200 (NZST)
From: Andrew McNaughton
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: Garrett Wollman
cc: Satya Palani , security@FreeBSD.ORG
Subject: Re: Sendmail greeting
In-Reply-To: <199808141703.NAA05937@khavrinen.lcs.mit.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 14 Aug 1998, Garrett Wollman wrote:

> > Of course, the version number is still being broadcast through the
> > headers. Take this message, for example:
>
> That doesn't bother me -- the attacker would have to find mail
> messages from me, which were archived without the usual header
> stripping. `mscan' doesn't know how to do this -- it might learn how
> to exploit future sendmail flaws.

While mscan may not do this, it's probably not going to be difficult for a
hacker to get your machine to mail a delivery report back to them.

Andrew

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message