> > To test this, remove your aliases.pag and aliases.dir and run > > 'newaliases'. If the files reappear as 666, your sendmail is vulnerable. > > The default Sun 4.1.3_U1 sendmail is vulnerable and at the time I sent it > > in, Unicos sendmail was also vulnerable, as well as others, I'm sure. > > > > BTW: I sent this to CERT and CIAC over a year ago, and it doesn't appear > > to be fixed yet (at least not by Sun). > > Vendors aim to fix bugs within 15 years of them being reported. Just > hang on in there and they'll get around to yours... > Hi, It isn't a problem in HP-UX 8.x or 9.x which are the versions that are supported (or the versions I at least claim to support.) I'm not claiming that we've addressed all network problems, but I am trying...in the past year, our HP sendmail has had about 6 patches covering maybe 60 issues so at this point I think we've addressed most of the pending sendmail security issues (I'm sure there are plenty more that I haven't heard of, sendmail being what it is.) flame away... Bob Kelley HP-UX Networking bkelley@cup.hp.com