[2302] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Sendmail 8.6.12 hole & smrsh

daemon@ATHENA.MIT.EDU (Janis Lacis)
Thu Oct 12 10:17:20 1995

Date:         Thu, 12 Oct 1995 14:01:09 -0200
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Janis Lacis <janis@MII.LU.LV>
X-To:         BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>

>Who knows what the root-shell-giving security hole is in Sendmail 8.6.12
>that was incompletely patched in 8.7, and (supposedly) finally patched
>in 8.7.1?

I wonder if the attack is still possible if there is a "smrsh" shell
installed instead of "sh" in sendmail.cf ?

--     Janis Lacis, LATNET administrator,
  Institute of Mathematics
           and Computer Science,
  University of Latvia
  Rainis boulevard 29, Riga                Phone: +3712-212427
  LV-1459,Latvia                             Fax: +3718-820153
                   E-mail: janis@mii.lu.lv
==========================================================================


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[2302] in bugtraq

Sendmail 8.6.12 hole & smrsh

daemon@ATHENA.MIT.EDU (Janis Lacis)Thu Oct 12 10:17:20 1995

daemon@ATHENA.MIT.EDU (Janis Lacis)
Thu Oct 12 10:17:20 1995