CERT: Sendmail Distribution Contained Trojan Horse

Scoria writes "According to a CERT advisory published this afternoon, the public distribution of Sendmail 8.12.6 contained a trojan horse from September 28 to October 6. For more detailed information, please consult advisory CA-2002-28." This sounds very much like what happened to OpenSSH.

And that's why you should use Open Source Software

suckers.

Re:Sendmail is now worthless, instead

[phorm]

I used qmail on my servers, it runs very smoothly and I haven't had any problems since I got it properly configured. I'm still trying to figure out how to use SMTP AUTH though (it seems that qmail requires the addins of others to use this) and having to change outgoing mail settings on my laptop whenever I go somewhere is a pain in the butt. life with qmail details all the necessary instructions except for SMTP AUTH configuration.

If somebody on /. would be so kind as to offer a good SMTP AUTH plug with a comprehensive set of instructions, I'd recommend you try it.

It's the competency, stupid.

Point is, this worm will be substantially more mild than any Winbloze worm. Unlike Winblows administrators, who are very stupid, Linux administrators are highly trained and very good at what they do.

Now if this were a bug in Micro$hit Winblows DRM Edition, I would be worried. But I'm not, because Linux is better.

Re:But that's okay...

I hear that O'Reilly has made a new book called "Trojans in a Nutshell" in addition to "The Virus Bible".

Highly recommended according to CowboyNeal's wish list on Amazon.

Re:A Sad Day for Egg Troll

Do a search on sendmail security holes. Next, search on IIS security holes. After that, come back here and publically appologize for being a fucking idiot.