[19355] in bugtraq
Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Mon Feb 26 14:40:46 2001
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb"
Content-Disposition: inline
Message-ID: <20010223133436.A87367@mollari.cthul.hu>
Date: Fri, 23 Feb 2001 13:34:36 -0800
Reply-To: Kris Kennaway <kris@OBSECURITY.ORG>
From: Kris Kennaway <kris@OBSECURITY.ORG>
X-To: security@TURBOLINUX.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010222140935.A3706@turbolinux.com>; from
security@TURBOLINUX.COM on Thu, Feb 22, 2001 at 02:09:35PM -0800
--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Feb 22, 2001 at 02:09:35PM -0800, security@TURBOLINUX.COM wrote:
> Sendmail, launched with the -bt command-line switch, enters its special
> "address test" mode. Under these conditions, it is vulnerable to a
> segmentation fault which can occur when trying to set a class in ad-
> dress test mode due to a negative array index.
>=20
> 2. Impact
>=20
> A user can gain root privileges.
This was proven to be wrong - this bug is not believed to have any
security impact.
Kris
--VS++wcV0S1rZb1Fb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE6ltdsWry0BWjoQKURAmbqAKD1S+X0trV8KJ/8U5lQ4mxLqY7IhQCg6qmU
CEgm282wkDpjkkcAsG8Nzzg=
=6Sum
-----END PGP SIGNATURE-----
--VS++wcV0S1rZb1Fb--
