From owner-freebsd-security Wed Oct 9 7:25:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17A4837B401 for ; Wed, 9 Oct 2002 07:25:53 -0700 (PDT) Received: from svr-ganmtc-appserv-mgmt.ncf.coxexpress.com (svr-ganmtc-appserv-mgmt.ncf.coxexpress.com [24.136.46.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FF5443E3B for ; Wed, 9 Oct 2002 07:25:52 -0700 (PDT) (envelope-from jedgar@www.fxp.org) Received: from darkstar.doublethink.cx (cpe-oca-24-136-59-202-cmcpe.ncf.coxexpress.com [24.136.59.202]) by svr-ganmtc-appserv-mgmt.ncf.coxexpress.com (8.11.4/8.11.4) with ESMTP id g99EPpd22190 for ; Wed, 9 Oct 2002 10:25:52 -0400 Received: by darkstar.doublethink.cx (Postfix, from userid 1000) id 01A7925A; Wed, 9 Oct 2002 10:25:46 -0400 (EDT) Date: Wed, 9 Oct 2002 10:25:46 -0400 From: Chris Faulhaber To: freebsd-security@freebsd.org Subject: Re: Sendmail trojan...? Message-ID: <20021009142546.GA27227@darkstar.doublethink.cx> References: <3DA3AE76.1070006@deevil.homeunix.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5mCyUwZo2JvN/JJP" Content-Disposition: inline In-Reply-To: <3DA3AE76.1070006@deevil.homeunix.org> X-Mailer: socket() Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --5mCyUwZo2JvN/JJP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 09, 2002 at 12:20:06AM -0400, Ken Ebling wrote: > http://www.cert.org/advisories/CA-2002-28.html >=20 > I'm assuming recent cvs buildworlds are immune to this?? >=20 (resending from a subscribed address) Yes, the source in the tree has been verified against the signed tarball; plus, it was the configure script that was backdoored which buildworld does not use. --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --5mCyUwZo2JvN/JJP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) Comment: FreeBSD: The Power To Serve iD8DBQE9pDxqObaG4P6BelARAjEFAJ441moEwEZnC1hPcvSejbIhfHv2SQCeIxc+ NRV6WI4hxG29CIJJCDlBUO8= =Fdra -----END PGP SIGNATURE----- --5mCyUwZo2JvN/JJP-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message