[2144] in bugtraq

Re: CERT Alert on new sendmail bug - any info?

daemon@ATHENA.MIT.EDU (Karl Strickland)
Fri Aug 18 22:46:26 1995

Date:         Sat, 19 Aug 1995 01:49:35 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Karl Strickland <karl@bagpuss.demon.co.uk>
X-To:         BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To:  <199508181754.NAA08233@fnord.wang.com> from "Tom Fitzgerald" at
              Aug 18, 95 01:54:58 pm

>
> > I just got the new sendmail bug alert from CERT, and of course
> > it may affect my configuration - which leads to the question, does
> > anybody know what the problem is so I can temporarily defend my system?
>
> I don't have any real information, but my guess is that this is the same
> problem as [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995,

it is the same bug

> and that use of
> smrsh is an excellent defense against the bug.

it isn't :(

> 8lgm hasn't published an exploit for this problem, even though they said
> they passed the exploit on to CERT over three months ago.

After several lengthy discussions explaining the vulnerability to SUN (mostly
to convince them that a problem actually existed), we promised them we would
not release any exploit info until their patch was available (in this instance).

--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |