[1304] in linux-security and linux-alert archive
[linux-security] Re: Re: Sendmail 8.8.2 exploit.
daemon@ATHENA.MIT.EDU (Uri Blumenthal)
Wed Nov 20 05:56:30 1996
Old-X-Envelope-From: uri@watson.ibm.com Tue Nov 19 14:16:31 1996
From: Uri Blumenthal <uri@watson.ibm.com>
To: linux-security@redhat.com
Date: Tue, 19 Nov 1996 14:16:28 -0500 (EST)
In-Reply-To: <199611180836.JAA15574@tiger.cert.dfn.de> from "Wolfgang Ley" at Nov 18, 96 09:36:12 am
Reply-To: uri@watson.ibm.com
Resent-From: linux-security@redhat.com

Wolfgang Ley says:
> > Hm, look what I got hold of today.. Works if sendmail is mode 4111 or
> > similar:
> [exploit script deleted]
>
> Sendmail 8.8.3 (which is available now) fixes the problem.

NO IT DOESN'T.
I've tried it, and was able to get root consistently with sendmail-8.8.3.
Would anybody outline the code that presumably plugs this hole?
--
Regards,
Uri uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>