[2823] in bugtraq
Re: What happened to the syslog bug ?
daemon@ATHENA.MIT.EDU (Dan Stromberg)
Wed Jun 26 17:09:08 1996
Date: Wed, 26 Jun 1996 10:37:05 -0700
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
AUSCERT (quite reasonably) indicated sendmail_wrapper was no longer a
recommended option, now that vendor patches are available for the
problems sendmail_wrapper was intended to fix.
sendmail_wrapper can show some intermittent problems, when used on SunO=
S
4.1.x.
We had an array of unpatched SunOS 4.1.x boxes running various releases
of sun, IDA, and V8 sendmail's. At one time, our hope was to bandaid
these with sendmail_wrapper (for internal hacks) and smap (for external
hacks), without getting into sendmail.cf rewrites all at once. We woun=
d
up using smap alone - and have resumed moving to current V8's (or even
upgrading our OSes ^_^) as time permits.
Gunnar Ingvi Thorisson wrote:
>
> Hi there..
>
> > In August last year 8LGM released an advisory warning about a syslo=
g
> > vulnerability. Something to do with a buffer overflow and passing c=
ommands
> > to a remote site. The advisory said that exploit would not be relea=
sed yet,
> > in order to give time to vendors to issue patches. Now I understand=
that
> > some vendors are pretty slow in acknowledging security problems but=
it
> > sounds like they had enough time by now.
> > Anyone considering posting details on this full disclosure list ?
>
> the sendmail_wrapper.c was updated to prevent this bug, thats about i=
t I
> know about sendmail, if you're looking for cure, get this wrapper, it=
can
> be found at any sendmail site. Hope it helps...
>
> Best regards, Gunni...
> gunni@if.is
>
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
> Gunnar Ingvi =DE=F3risson E-Mail address: gunn=
i@if.is
> Kerfisstj=F3ri, system administrator
>
> =CDslensk forrita=FEr=F3un hf.
> Su=F0urlandsbraut 4, IS-108 Reykjav=EDk, =CDsland
> S=EDmi: (+354) 588-1511 Fax: (+354) 588-8728
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
