[3496] in bugtraq
Re: Remote exploit in sendmail 8.8.0
daemon@ATHENA.MIT.EDU (Alain Magloire)
Thu Oct 17 14:52:10 1996
Date: Thu, 17 Oct 1996 12:40:28 -0400
Reply-To: Alain Magloire <alain.magloire@rcsm.ee.mcgill.ca>
From: Alain Magloire <alain.magloire@rcsm.ee.mcgill.ca>
X-To: nobody@cypherpunks.ca
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199610170116.SAA04638@abraham.cs.berkeley.edu> from "John
Anonymous MacDonald" at Oct 16, 96 09:34:10 pm
>
> There is a serious bug in the mime7to8() function of sendmail 8.8.0
> which allows anyone who can send you mail to execute arbitrary code as
> root on your machine. I think mime7to8() only gets invoked if you set
> the undocumented "9" mailer flag. However, this flag is set by
> default in the cf/mailer/local.m4 file that ships with sendmail
> 8.8.0. Thus, if you are using an old V6 format configuration file
> from sendmail 8.7, you are probably safe, but if you generated a new
> V7 configuration file, you are probably vulnerable to this bug.
>
From the READ_ME
MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions. Not yet
implemented.
How about to simply recompile with
-DMIME7TO8=0
?
--
alain
