From owner-freebsd-security Mon Mar 3 18:29: 4 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 64A7B37B401 for ; Mon, 3 Mar 2003 18:29:02 -0800 (PST) Received: from web12806.mail.yahoo.com (web12806.mail.yahoo.com [216.136.174.41]) by mx1.FreeBSD.org (Postfix) with SMTP id E51A643FE3 for ; Mon, 3 Mar 2003 18:29:01 -0800 (PST) (envelope-from zaunere@yahoo.com) Message-ID: <20030304022901.70698.qmail@web12806.mail.yahoo.com> Received: from [66.114.70.134] by web12806.mail.yahoo.com via HTTP; Mon, 03 Mar 2003 18:29:01 PST Date: Mon, 3 Mar 2003 18:29:01 -0800 (PST) From: Hans Zaunere Reply-To: hans@nyphp.org Subject: Re: SA-03:04.sendmail Bin Update To: Chris McCluskey , security@FreeBSD.ORG In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --- Chris McCluskey wrote: > > Ok... > > Here's what I show: > > namehere# telnet namehere 25 > Trying 192.x.y.z... > Connected to namehere.digitaldeck.com. > Escape character is '^]'. > 220 namehere.digitaldeck.com ESMTP Sendmail 8.12.6/8.12.6; Mon, 3 Mar > 2003 16:22:53 -0800 (PST) > > namehere# strings sendmail-4.7-i386-nocrypto.bin |grep 8.12 > @(#)$Id: safefile.c,v 8.124 2002/05/24 20:50:15 gshapiro Exp $ > 8.12.6 > > I have been tracking RELENG_4_7 and it looks like 4.12.6 to me. So > again, I want to make sure that this version of Sendmail has been > patched. What's the best verification procedure to insure that the > patched version is online? I'm in the exact same situation. I replaced the sendmail binary but it shows the same sig as before. While I have great confidence in the FreeBSD team, is there some way I can validate everything is kosher? Hans To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message