[2303] in bugtraq

Re: Sendmail 8.6.12 hole & smrsh

daemon@ATHENA.MIT.EDU (Casper Dik)
Thu Oct 12 11:20:34 1995

Date:         Thu, 12 Oct 1995 15:16:38 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Casper Dik <casper@Holland.Sun.COM>
X-To:         Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To:  Your message of "Thu, 12 Oct 1995 14:01:09 -0200."
              <Pine.SOL.3.91.951012135547.22317B-100000@toms>

>>Who knows what the root-shell-giving security hole is in Sendmail 8.6.12
>>that was incompletely patched in 8.7, and (supposedly) finally patched
>>in 8.7.1?
>
>I wonder if the attack is still possible if there is a "smrsh" shell
>installed instead of "sh" in sendmail.cf ?


Yes.  The syslog() hole exploits don't care whether you have installed
smrsh or not.  The only thing that helps is a patched syslog(),
something you'll need anyway for your other daemons, or sendmail 8.7.1
and that only works if you have a syslog() with an internal buffer size
of 1024 bytes (i.e., if you have a smaller internal buffer, you
may be out of luck anyway).

Casper
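
The buffer-size dependency described in the message above, as an added example that is not part of the original post and is not sendmail or libc code. It assumes the application-side workaround is a length clamp computed for a 1024-byte library buffer; `ASSUMED_BUF`, `PREFIX` and all function names are hypothetical, and the sample message is constructed.

```c
#include <stdio.h>
#include <string.h>

#define ASSUMED_BUF 1024  /* internal size the caller-side workaround assumes */
#define PREFIX "Oct 12 15:16:38 sendmail[123]: "  /* constructed sample prefix */

/* Bytes an unbounded formatter writes into its internal buffer, NUL included. */
size_t unbounded_size(const char *msg)
{
    return sizeof(PREFIX) + strlen(msg);  /* sizeof counts the prefix's NUL */
}

/* Caller-side clamp (assumed workaround): keep prefix + message within ASSUMED_BUF. */
size_t caller_clamp(const char *msg, char *out, size_t outsz)
{
    size_t n = strlen(msg), budget = ASSUMED_BUF - sizeof(PREFIX);
    if (outsz == 0) return 0;
    if (n > budget) n = budget;
    if (n > outsz - 1) n = outsz - 1;
    memcpy(out, msg, n);
    out[n] = '\0';
    return n;
}

/* 1 if an unpatched library with this internal buffer size would be overrun. */
int overruns(size_t internal_size, const char *msg)
{
    return unbounded_size(msg) > internal_size;
}

/* Patched library: bounded formatting that truncates. Returns bytes stored, NUL included. */
size_t patched_format(char *buf, size_t bufsz, const char *msg)
{
    int n = snprintf(buf, bufsz, "%s%s", PREFIX, msg);
    if (n < 0) return 0;
    return (size_t)n >= bufsz ? bufsz : (size_t)n + 1;
}

int main(void)
{
    char raw[4001], clamped[2048], small[512];
    memset(raw, 'A', 4000); raw[4000] = '\0';  /* constructed oversized log message */
    caller_clamp(raw, clamped, sizeof clamped);
    printf("raw vs 1024: %d\n", overruns(1024, raw));
    printf("clamped vs 1024: %d\n", overruns(1024, clamped));
    printf("clamped vs 512: %d\n", overruns(512, clamped));
    printf("patched, 512-byte buffer stores %zu bytes\n", patched_format(small, sizeof small, clamped));
    return 0;
}
```

The clamped message fits a 1024-byte library buffer but still exceeds a 512-byte one, while the bounded formatter truncates safely at any size.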
