[1089] in bugtraq
Re: OOPS - the wrapper fails
daemon@ATHENA.MIT.EDU (Rafi Sadowsky)
Sat Feb 25 06:10:04 1995
Date: Sat, 25 Feb 1995 12:16:37 +0200 (IST)
From: Rafi Sadowsky <rafi@tavor.openu.ac.il>
To: "Dr. Frederick B. Cohen" <fc@all.net>
Cc: firewalls@GreatCircle.COM, bugtraq@fc.net
In-Reply-To: <199502250054.TAA03637@all.net>
On Fri, 24 Feb 1995, Dr. Frederick B. Cohen wrote:
> Well, here we go again - with the wrapper in place, the attack managed
> to place a file in my /tmp directory (owned by user nobody). I sure
> wish I had the source to this attack so I could try to fix it myself.
>
> If anyone has a better fix - let me know ASAP
> FC
>
sure which you would specify which attack you're talking about ...
if it is the AUTH/IDENT remote one I don't the the wrapper addresses that
problem ...
(from the source it seems to address problem with local users & ENV
variables - is that the kind of attack you're trying ? )
also what version of sendmail are your using ?
also maybe a more appropriate place for this would be bugtraq
(so I'll cross post - even though I hate it.. ) since we're talking about
unix bug - which does have a relation to firewalls but IMHO it's not the
right place ( and also has a non full disclosure policy )
Enjoy,
Rafi
--
Rafi Sadowsky rafi@tavor.openu.ac.il
[postmaster@openu.ac.il] FAX: +972-3-6460483
