[8027] in bugtraq
Re: your mail
daemon@ATHENA.MIT.EDU (Phil Stracchino)
Fri Sep 25 17:02:20 1998
Mail-Followup-To: BUGTRAQ@netspace.org
Date: Fri, 25 Sep 1998 11:53:46 -0700
Reply-To: Phil Stracchino <root@CARDIMA.COM>
From: Phil Stracchino <root@CARDIMA.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.4.01.9809241006080.697-100000@securebox.dyn.ml.org>;
from Simon Smith on Thu, Sep 24, 1998 at 10:14:06AM -0400
On Thu, Sep 24, 1998 at 10:14:06AM -0400, Simon Smith wrote:
> This is not the same attack as the last one regarding the "(".
> This one does not make your system hang but rather alters permissions it
> seems. If this was already posted please disregard it.
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> Be conscious that Sendmail 8.9.1a/8.9.0 has a critical security
> flaw in it. I have tested this on Debian Linux. I have not had time to
> hack the source and find out where the hole is. (Yes I am going to give
> notice to sendmail.) I have not determined if other systems are open to
> this attack, but to check, create a user that you can eliminate.
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"exploit" skipped
I have to suspect Pine or a configuration error of some kind rather than
sendmail itself. I am unable to replicate this behavior on a
Slackware-based system using 8.9.0, 8.9.1, or 8.9.1a.
--
Phil V. Stracchino
MIS Administrator
Cardima, Inc.
mis@cardima.com