[239] in Intrusion Detection Systems
No subject found in mail header
daemon@ATHENA.MIT.EDU (owner-ids@uow.edu.au)
Sun May 21 09:20:26 1995
Date: Sun, 21 May 1995 20:47:23 +1000
From: owner-ids@uow.edu.au
Apparently-To: ids-outgoing@wyrm.cc.uow.edu.au
>>From ids-owner Sat May 20 17:29:59 1995
>Received: from talk2_p9.ozonline.com.au ([203.4.251.77]) by wyrm.cc.uow.edu.au (8.6.11/8.6.11) with ESMTP id RAA26600 for <ids@uow.edu.au>; Sat, 20 May 1995 17:21:47 +1000
>Received: from 203.3.13.38 (dosbox [203.3.13.37]) by talk2_p9.ozonline.com.au (8.6.12/8.6.6) with SMTP id RAA01086 for <ids@uow.edu.au>; Sat, 20 May 1995 17:16:38 +1000
>Message-Id: <199505200716.RAA01086@talk2_p9.ozonline.com.au>
>X-Sender: ap@203.3.13.38
>X-Mailer: Windows Eudora Version 1.4.4
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Date: Sat, 20 May 1995 18:29:33 -1000
>To: ids@uow.edu.au
>From: ap@budapest.ozonline.com.au (Andrew Prendergast)
>Subject: [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995
Sender: owner-ids@wyrm.cc.uow.edu.au
Precedence: bulk
Reply-To: ids@wyrm.cc.uow.edu.au
>>Received: from gmurrh.ozonline.com.au (root@gmurrh.ozonline.com.au
>[203.4.248.200]) by talk2_p6.ozonline.com.au (8.6.12/8.6.6) with ESMTP id
>NAA01520 for <ap@talk2_p6.ozonline.com.au>; Thu, 18 May 1995 13:35:30 +1000
>>Received: from disperse.demon.co.uk (disperse.demon.co.uk [158.152.1.77])
>by gmurrh.ozonline.com.au (8.6.12/8.6.6) with SMTP id HAA21318 for
><ap@gmurrh.ozonline.com.au>; Fri, 19 May 1995 07:45:01 +1000
>>Received: from punt.demon.co.uk by disperse.demon.co.uk id av05834;
>> 18 May 95 4:28 GMT-60:00
>>Received: from bagpuss.demon.co.uk by punt.demon.co.uk id aa15290;
>> 18 May 95 4:09 GMT-60:00
>>Received: (8lgm@localhost) by bagpuss.demon.co.uk (99.9/99.9) id EAA05071;
>Thu, 18 May 1995 04:06:51 +0100
>>Date: Thu, 18 May 1995 04:06:51 +0100
>>From: "[8LGM] Security Team" <8lgm@bagpuss.demon.co.uk>
>>Message-Id: <199505180306.EAA05071@bagpuss.demon.co.uk>
>>To: cert@cert.org, 8lgm-advisories@bagpuss.demon.co.uk
>>Subject: [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995
>>
>>This advisory has been sent to:
>>
>> comp.security.unix
>> CERT/CC <cert@cert.org>
>>
>>===========================================================================
>> [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995
>>
>>
>>PROGRAM:
>>
>> sendmail(8) (Version 5.*)
>>
>>KNOWN VULNERABLE VERSIONS:
>>
>> SunOS 4.1.* up to and including patch 100377-19
>> Sendmail V5.*
>> IDA Sendmail V5.*
>> (Likely that any sendmail based on V5 is also vulnerable).
>>
>>DESCRIPTION:
>>
>> A flaw exists in versions of sendmail based on V5, which allows
>> users to run programs and/or append to files remotely.
>>
>> The user does not require an account on that system.
>>
>>IMPACT:
>>
>> Systems running V5 based sendmail are exploitable remotely.
>>
>>REPEAT BY:
>>
>> At this time, exploit details are not available. Exploit
>> details will be provided on the 8lgm fileserver, at some
>> point in the future.
>>
>>DISCUSSION:
>>
>> Details have been provided to ecd@cert.org, in order to speed
>> up availability of exploit information to vulnerable vendors.
>>
>>WORKAROUND & FIX:
>>
>> 1) Install V8 sendmail.
>>
>> 2) Obtain patch from vendor.
>>
>>FEEDBACK AND CONTACT INFORMATION:
>>
>> majordomo@8lgm.org (Mailing list requests - try 'help'
>> for details)
>>
>> 8lgm@8lgm.org (Everything else)
>>
>>8LGM FILESERVER:
>>
>> All [8LGM] advisories may be obtained via the [8LGM] fileserver.
>> For details, 'echo help | mail 8lgm-fileserver@8lgm.org'
>>===========================================================================
>>
>>
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Andrew Prendergast http://www.ozonline.com.au/netcafe/ap
>em: ap@ozonline.com.au ph: +61-3-9591-0982
>finger: findap@gmurrh.ozonline.com.au <--to find my talk address
> * HTML Authoring * Computer Security * System Administration *
>Some put meaningful statements in their .sig. Here's mine.
>-----BEGIN PGP PUBLIC KEY BLOCK-----
>Version: 2.3a
>mQCNAi+xH58AAAEEAL7YauUPVaI59ZYDspTc8cBDX7J5JNVzN0o8sGIp3YOwiWWC
>mvngUUUO8NPFS2bAeHqQWLOnQjRsyiR682p6r+FEH9JdwIs2HWbiWhD4gXLbR2qM
>6ch1TYDnVZ26KP+DnLc8quB87RoqVPnYzxilIApnM5yDoRLlitvhQ59hbOGVAAUR
>tCdBbmRyZXcgUHJlbmRlcmdhc3QgPGFwQG96b25saW5lLmNvbS5hdT4=
>=GfNr
>-----END PGP PUBLIC KEY BLOCK-----
--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf@cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-327 |
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... |
| | Disclaimer: dreaming is at own risk |
+---------------------+--------------------------------------------------+
