Bugtraq mailing list archives
[8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995
From: 8lgm () bagpuss demon co uk ([8LGM] Security Team)
Date: Thu, 18 May 1995 04:06:51 +0100
This advisory has been sent to: comp.security.unix CERT/CC <cert () cert org> =========================================================================== [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995 PROGRAM: sendmail(8) (Version 5.*) KNOWN VULNERABLE VERSIONS: SunOS 4.1.* up to and including patch 100377-19 Sendmail V5.* IDA Sendmail V5.* (Likely that any sendmail based on V5 is also vulnerable). DESCRIPTION: A flaw exists in versions of sendmail based on V5, which allows users to run programs and/or append to files remotely. The user does not require an account on that system. IMPACT: Systems running V5 based sendmail are exploitable remotely. REPEAT BY: At this time, exploit details are not available. Exploit details will be provided on the 8lgm fileserver, at some point in the future. DISCUSSION: Details have been provided to ecd () cert org, in order to speed up availability of exploit information to vulnerable vendors. WORKAROUND & FIX: 1) Install V8 sendmail. 2) Obtain patch from vendor. FEEDBACK AND CONTACT INFORMATION: majordomo () 8lgm org (Mailing list requests - try 'help' for details) 8lgm () 8lgm org (Everything else) 8LGM FILESERVER: All [8LGM] advisories may be obtained via the [8LGM] fileserver. For details, 'echo help | mail 8lgm-fileserver () 8lgm org' ===========================================================================
Current thread:
- [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995 [8LGM] Security Team (May 17)