[2296] in bugtraq
Re: Sendmail 8.7, 8.7.1
daemon@ATHENA.MIT.EDU (Casper Dik)
Tue Oct 10 15:04:28 1995
Date: Tue, 10 Oct 1995 09:14:51 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Casper Dik <casper@Holland.Sun.COM>
X-To: Charles Howes <chowes@helix.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Mon, 09 Oct 1995 15:37:26 MST."
<Pine.SOL.3.91.951009152705.13199G-100000@asterix.helix.net>

>Who knows what the root-shell-giving security hole is in Sendmail 8.6.12
>that was incompletely patched in 8.7, and (supposedly) finally patched
>in 8.7.1?

It's just syslog() overrunning the stack again. There's also another problem
which causes the data segment to be overrun, but that's not as easy
to abuse (if at all).

Casper