CERT: Sendmail Distribution Contained Trojan Horse

← Back to Stories (view on slashdot.org)

CERT: Sendmail Distribution Contained Trojan Horse

Posted by michael on Tuesday October 8, 2002 @01:28PM from the security-starts-inside dept.

Scoria writes "According to a CERT advisory published this afternoon, the public distribution of Sendmail 8.12.6 contained a trojan horse from September 28 to October 6. For more detailed information, please consult advisory CA-2002-28." This sounds very much like what happened to OpenSSH.

11 of 324 comments (clear)

But that's okay... by Anonymous Coward · 2002-10-08 13:29 · Score: 5, Funny

As long as you could also get the source to the Trojan, as well... right?
Microsoft Sux!!! by Anonymous Coward · 2002-10-08 13:40 · Score: 3, Funny

What?! It's not M$? oh.......
Thank GOD for Microsoft! by eamber · 2002-10-08 13:40 · Score: 5, Funny

Good thing I use Exchange Server. I've got a tight ship there.
1. Re:Thank GOD for Microsoft! by Sabalon · 2002-10-08 14:31 · Score: 5, Funny
  
  Don't forget that according to the earlier article you will now need to pay extra for that tight ship - otherwise you get the submarine with the screen door.
This is a good reason to get windows! by greenskyx · 2002-10-08 13:42 · Score: 4, Funny

That way when you get your software you know who put the security holes in it. It's all part of trustworthy computing... ;-)
Sendmail by Anonymous Coward · 2002-10-08 13:43 · Score: 2, Funny

Further proof that security through obscurity don't work.
Re:Checksums by Anonymous Coward · 2002-10-08 13:50 · Score: 5, Funny

Also can't forget about the black hats and chinese/russian/terrorist groups as well.

Incorrect md5 sums certainly strike terror into my heart.
Re:A Sad Day for Egg Troll by benwb · 2002-10-08 14:36 · Score: 3, Funny

Yes, of course, that was exactly what I meant. Thank goodness you were on the ball, or someone would have thought that I was alluding to Fort Knox's traditional reputation of extremely high security.
Re:Only the FTP... by Quixote · 2002-10-08 14:39 · Score: 4, Funny

I even seem to remember pressed CDs being distributed with trojans.
Surely these can't be Microsoft CDs!?! According to a KB article at Microsoft.com, "Disks are duplicated on a variety of industrial strength, quality focused systems. Most of these systems are UNIX-based. The UNIX-based duplication systems used in manufacturing are impervious to MS-DOS-based, Windows-based, and Macintosh-based viruses."
Re:LMAO! by Wdomburg · 2002-10-08 15:07 · Score: 4, Funny

>It is still funny, simply because it is yet
>another sendmail problem.

Yeah, and if someone breaks into your house and pees on your carpet, it's yet another carpet problem.

Matt
Re:Hardly news ... by Trogre · 2002-10-08 15:15 · Score: 5, Funny

Let's see, a Trojan Horse is basically defined as an undocumented chunk of code hiding inside a program, which does something that you don't know about or understand.

Not quite.
A Trojan Horse is defined as a big wooden horse which sat outside the ancient city of Troy, just large enough to happily contain 700 greeks in full battle dress and still leave adequate room for toilet facilities.

For more information read Homers's Iliad.

--
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife