[3625] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).

daemon@ATHENA.MIT.EDU (Bryan Reece)
Sun Nov 17 15:41:14 1996

Date: 	Sun, 17 Nov 1996 19:19:43 -0000
Reply-To: Bryan Reece <reece@taz.nceye.net>
From: Bryan Reece <reece@taz.nceye.net>
X-To:         alan@manawatu.gen.nz
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <Pine.SUN.3.90.961117235225.5461E-100000@papaioea.manawatu.gen.nz> (message from Alan Brown on Sun, 17
              Nov 1996 23:54:47 +1300)

   From:        Alan Brown <alan@manawatu.gen.nz>

   How many of these exploits are thwarted by setting sendmail.cf's
   O RunAsUser=postmaster switch, making /var/spool/mail and var/spool/mqueue
   664 postmaster.mail and giving postmaster a shell of /bin/false (C
   version, compiled -Bstatic.)


Not quite as many as simply getting rid of sendmail and using
something else.  Has there ever been a security-related problem with
qmail?

home	help	back	first	fref	pref	prev	next	nref	lref	last	post