Dario Vercelli
asked on
AIX - Sendmail Vulnerability: CVE-2014-3956
I have a system AIX with 6.1.00 tl9 is necessary install fix for sendmail-cve-2014-3956 ?
The problem exists only if I go to the internet world?
The problem exists only if I go to the internet world?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
Yes it is a local vulnerability.
Cheers
Yes it is a local vulnerability.
Cheers
Local vulnerability concerns users that are ALLREADY logged on to equipment.
SSH/TELNET login and then are able to xploit. It doesn;t matter if SSH is over internet of intranet, or console..... You need to be logged-on to the machine somehow.
If **network is involved..., it is remotely exploitable. (** net intranet is equivalent to internet...) No need to logon through other means first.
SSH/TELNET login and then are able to xploit. It doesn;t matter if SSH is over internet of intranet, or console..... You need to be logged-on to the machine somehow.
If **network is involved..., it is remotely exploitable. (** net intranet is equivalent to internet...) No need to logon through other means first.
Hi,
that's all true in general.
Except that no one with a right state of mind will consider using telnetd nowadays or even make an IBM power server, which can cost over $100k a piece easily, directly accessible over the internet.
Cheers
that's all true in general.
Except that no one with a right state of mind will consider using telnetd nowadays or even make an IBM power server, which can cost over $100k a piece easily, directly accessible over the internet.
Cheers
ASKER
best solution
ASKER
If I understand correctly the vunerabilita 'only concerns the intranet part of local users, can not' be made by external users correct?