Full Version: Sendmail Vulnerability Reminder
PatrickS
This may be old news to some of you, but for those that it isn't, we're just posting a general alert to help minimize any potential worms that may hit the wild at some point:

Dear Valued Customers,

A new vulnerability for the software package sendmail has very recently been revealed. In summary it is a vulnerability that can allow an attacker the same privileges as the sendmail daemon, which is often root, allowing the attacker complete access to your server. More details can be found on this exploit here:
http://www.cert.org/advisories/CA-2003-07.html

Since the issuance of the advisories, many platforms have begun to release patches to fix this problem. If you ordered a server simply with Plain RedHat, the following page contains more information about the exploit and contains links to download the patched versions of the software:
https://rhn.redhat.com/errata/RHSA-2003-073.html

If you ordered a server with Ensim, the following page contains the latest updates for the Ensim Webppliance; the specific patch for sendmail is under the LS 3.1.7 release, but as always we recommend you remain up to date on all patches:
http://www.ensim.com/support/wpls/index.html

Unfortunately as of this writing, there has been no patch released for the Cobalt RaQ product line, but we recommend you keep a regular eye on this location for the patch to come out:
http://sunsolve.sun.com/pub-cgi/show.pl?ta...g&nav=patchpage

Those running our Plesk servers or independently running qmail will not be affected by this vulnerability unless they have the sendmail daemon running.

This is meant as an advisory only; Rackshack is in no way responsible for the results of applying the above patches and can only recommend that you install them for the safety of your server and Rackshack’s network. As always we recommend you maintain recent backups and backup your data often.
raqtweak.com
For the Cobalt RAQ you can find a patch at http://www.raqtweak.com/free.php

This is also for the NEW vulnerability, CERT CA-2003-12
hifi_ninja
The pkgs intended to fix the sendmail vulnerability found in http://sunsolve.sun.com/pub-cgi/show.pl?ta...g&nav=patchpage simply don't install for me... no errors... nothing at all.

How can I update it?
raqtweak.com
QUOTE
Originally posted by hifi_ninja
The pkgs intended to fix the sendmail vulnerability found in http://sunsolve.sun.com/pub-cgi/show.pl?ta...g&nav=patchpage simply don't install for me... no errors... nothing at all.

How can I update it?


> "Problem installing package component: sendmail-conf-8.10.2-C3.i386.rpm"

download the pkg.
tar xvzf *.pkg
rpm -Uvh RPMS/*

see what lines it gives you,
open /etc/mail/virtusertable, find the lines,
comment them out...

then try installing the PKG again.
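The fix-up step described above, as an added shell example that is not from this thread: the thread does not show the exact wording of the rpm error, so the virtusertable keys it names are passed in by hand rather than parsed, and the file is backed up before anything is commented out.

```shell
#!/bin/sh
# Added example (not from the thread). Comments out the virtusertable entries
# that a failed `rpm -Uvh RPMS/*` of sendmail-conf complained about, so the
# package install can be retried. A copy of the original is kept as <file>.bak.
#
# Usage: comment_out_virtuser /etc/mail/virtusertable key1 [key2 ...]
# Each key is the left-hand (virtual address) field of an entry to disable.

comment_out_virtuser() {
    file=$1; shift
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1      # restorable copy first

    for key in "$@"; do
        # virtusertable lines are "<address><whitespace><target>". Match the
        # first field only, so an address that merely appears as some other
        # entry's target is left alone. Already-commented lines are untouched.
        awk -v k="$key" '
            $0 !~ /^#/ && $1 == k { print "# " $0; next }
            { print }
        ' "$file" > "$file.tmp" && mv "$file.tmp" "$file" || return 1
    done
}

# Lists the addresses that are still active after the edit, one per line,
# which is what you want to re-check before running the PKG install again.
active_virtuser_keys() {
    awk '!/^#/ && NF { print $1 }' "$1"
}

# Stand-alone use: comment_out_virtuser <file> <key>...
if [ "$#" -ge 2 ]; then
    comment_out_virtuser "$@" && active_virtuser_keys "$1"
fi
```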
rackAID
Sun has released patches for the sendmail issues to date so use those and not 3rd party patches.

Many 3rd party patches will cause official updates to fail. You may need to either remove the 3rd party patch or do a force install.

Typically, I suggest removing the 3rd party patches when Cobalt releases official ones. This way you will not hinder future updates due to prerequisites.
Raphael
I am new with RackShack; I leased my server less than a month ago. I am using Red Hat and Plesk.

This is what I have done so far (all easy to undo if completely wrong):

1) Visited https://rhn.redhat.com/errata/RHSA-2003-073.html - as indicated below, then

2) Used a telnet connection to determine my version of Red Hat ("Red Hat Linux release 7.3 (Valhalla)"), then

3) Clicked to https://rhn.redhat.com/errata/RHSA-2003-073...t%20Linux%207.3 (actually, just a scroll down of the same page) to match the link labeled "Red Hat Linux 7.3", then

4) Found the message that the patch had been outdated:
QUOTE
File outdated by:  RHSA-2003:120
...so I clicked the link, then

5) Clicked the link labeled Red Hat Linux 7.3, then

6) Telnetted to my server, switched to root, and downloaded the src.rpm via lynx, then

7) "installed" the source (rpm -i), changed to the SOURCES directory, untarred/ungzipped the tarfile, then

8) Was scared off by things in the "INSTALL" and other files that I don't understand, including, but not limited to:
QUOTE
8. If you are upgrading from an older version of sendmail and are using any
  database maps, be sure to rebuild them with the new version of makemap,
  in case you are now using a different (and thereby incompatible) version
  of Berkeley DB.
"database maps"? What?