On Wednesday 22 September 2004 16:41, Reuben D. Budiardja wrote: > Hello, > I am having some problem with my campus network administrator / > ISP complaining that I am running vulnerable versions of sendmail > on our older machines (redhat 7.3 and 9), since the version > broadcasted by sendmail is < 8.12.10, which according to sendmail > website fixed a security vulnerability. > > I checked RHN errata and I know that Redhat already backported > the security fix for that problem before the EOL of RH 9 and 7.3, > so my sendmail versions are not vulnerable. It's just Redhat did > not change their sendmail version from 8.11.x to 8.12.x. > > I explained this to them and they didn't believe it. They can't > even believe that Redhat as a vendor would fix any vulnerability > found in sendmail, and they insist that they go by what's in > Sendmail website and that I have to upgrade my sendmail. Well I > don't want to do that since I know I am not vulnerable. Even > fedoralegacy does not have any more fixes for Sendmail. > > So my question, is there any way that I can change the version > broadcasted by sendmail, so that for example when I do 'telnet > machine 25' I get the 'required' version (ie. 8.12.11 or > whatever) ? I assume something like that is what the network > admin people here do to check the version of sendmail that I'm > running. > > Any suggestion ? Anyone's been in similar situation before ? what > do you do in that case ? Any respond will be appreciated. > > Thanks. > RDB Are your school's administrators proficient enough to understand the CVE (cve.mitre.org) designations? If so, just point them to the RH errata pages; e.g. https://rhn.redhat.com/errata/RHSA-2003-283.html which shows fixes in each package. The RH9 errata is here: https://rhn.redhat.com/errata/rh9-errata.html and the RH7.3 errata is here: https://rhn.redhat.com/errata/rh73-errata.html Regards, Mike Klinke -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
