[5113] in bugtraq
sendmail -C: Known? Patches? (AIX 4.1.5)
daemon@ATHENA.MIT.EDU (DI. Dr. Klaus Kusche)
Wed Aug 6 18:29:50 1997
Date: Wed, 6 Aug 1997 08:07:36 PDT
Reply-To: "DI. Dr. Klaus Kusche" <Klaus.Kusche@OOE.GV.AT>
From: "DI. Dr. Klaus Kusche" <Klaus.Kusche@OOE.GV.AT>
To: BUGTRAQ@NETSPACE.ORG
On several not-so-official WWW pages, I found a hint that
/usr/lib/sendmail -C <any-file-you-want-to-read>
produces "interesting" output.
I tried that on our AIX 4.1.5 (as an ordinary user!) with
"/etc/security/passwd", and it indeed displayed all the
shadow passwords.
I checked IBM's and CERT's archives about it and found nothing.
Questions:
1.) Is the problem known?
2.) Does IBM have a fix for it?
3.) Is it fixed in the latest (non-IBM) sendmail releases?
DI. Dr. Klaus Kusche
Oberoesterreichische Landesregierung / Government of Upper Austria
Rechenzentrum / Computing Centre
Smail: Kaerntnerstrasse 16, A-4020 Linz, Austria (Europe)
Phone: +43 732 7720 - 3394 Fax: +43 732 7720 - 3198
Email: Klaus.Kusche@ooe.gv.at
