[1304] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: Sendmail 8.8.2 exploit.

daemon@ATHENA.MIT.EDU (Uri Blumenthal)
Wed Nov 20 05:56:30 1996

Old-X-Envelope-From: uri@watson.ibm.com  Tue Nov 19 14:16:31 1996
From: Uri Blumenthal <uri@watson.ibm.com>
To: linux-security@redhat.com
Date: Tue, 19 Nov 1996 14:16:28 -0500 (EST)
In-Reply-To: <199611180836.JAA15574@tiger.cert.dfn.de> from "Wolfgang Ley" at Nov 18, 96 09:36:12 am
Reply-To: uri@watson.ibm.com
Resent-From: linux-security@redhat.com

Wolfgang Ley says:
> > Hm, look what I got hold of today.. Works if sendmail is mode 4111 or
> > similar:
> [exploit script deleted]
> 
> Sendmail 8.8.3 (which is available now) fixes the problem.

NO IT DOESN'T.

I've tried it, and was able to get root consistently with sendmail-8.8.3.
Would anybody outline the code that presumably plugs this hole?
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>


home help back first fref pref prev next nref lref last post