Changing the version broadcasted by Sendmail
Reuben D. Budiardja
techlist at voyager.phys.utk.edu
Wed Sep 22 21:41:41 UTC 2004
Hello,
I am having some problem with my campus network administrator / ISP
complaining that I am running vulnerable versions of sendmail on our older
machines (redhat 7.3 and 9), since the version broadcasted by sendmail is <
8.12.10, which according to sendmail website fixed a security vulnerability.
I checked RHN errata and I know that Redhat already backported the security
fix for that problem before the EOL of RH 9 and 7.3, so my sendmail versions
are not vulnerable. It's just Redhat did not change their sendmail version
from 8.11.x to 8.12.x.
I explained this to them and they didn't believe it. They can't even believe
that Redhat as a vendor would fix any vulnerability found in sendmail, and
they insist that they go by what's in Sendmail website and that I have to
upgrade my sendmail. Well I don't want to do that since I know I am not
vulnerable. Even fedoralegacy does not have any more fixes for Sendmail.
So my question, is there any way that I can change the version broadcasted by
sendmail, so that for example when I do 'telnet machine 25' I get the
'required' version (ie. 8.12.11 or whatever) ? I assume something like that
is what the network admin people here do to check the version of sendmail
that I'm running.
Any suggestion ? Anyone's been in similar situation before ? what do you do in
that case ? Any respond will be appreciated.
Thanks.
RDB
More information about the redhat-list
mailing list