Bugtraq mailing list archives

Re: Sendmail 8.7, 8.7.1

From: andrew () andy alt za (Andrew Cameron)
Date: Tue, 10 Oct 1995 21:17:33 +0200


On Tue, 10 Oct 1995, Casper Dik wrote:

Who knows what the root-shell-giving security hole is in Sendmail 8.6.12
that was incompletely patched in 8.7, and (supposedly) finally patched
in 8.7.1?


It's just syslog() overruning the stack again.  There's also another problem
which causes the datas segment to be overrun, but that's not as easy
to abuse (if at all).

Casper

When is someone going to make the code available to verify the Syslog bug
for Sunos 4.1.3

I have a person at work who refuses to apply the patches to his Sunos
System until we can prove to him that a bug exists.

-----------------------------------------------------------------------------

Andrew Cameron
Internet: andrew () andy alt za
X.400: C=ZA G=Andrew S=Cameron Admd=TELKOM400

----------------------------------------------------------------------------

Current thread:

Re: Netscape 2.0b1 for Win95 (fwd) Aleph One (Oct 09)
- Sendmail 8.7, 8.7.1 Charles Howes (Oct 09)
  - Re: Sendmail 8.7, 8.7.1 Casper Dik (Oct 10)
    - Re: Sendmail 8.7, 8.7.1 SnoCrash (Oct 10)
    - Re: Sendmail 8.7, 8.7.1 Andrew Cameron (Oct 10)
    - Netscape problems (again)... Jay 'Whip' Grizzard (Oct 10)
    - s-bits disappear ? Bernd Lehle (Oct 11)
    - Re: s-bits disappear ? Neil Readwin (Oct 12)
    - Sun's Loadmodule Patch Neil Woods (Oct 18)
    - FW: WinNews Special Issue Scott Chasin (Oct 22)
    - SunOS 5.5 Beta Aleph One (Oct 24)
    - denial of service attack possible Mark Thomas (Oct 26)
    - Re: denial of service attack possible Darren Reed (Oct 27)
    - Re: denial of service attack possible Darrell Fuhriman (Oct 27)
    - Re: denial of service attack possible Tom Fitzgerald (Oct 27)

(Thread continues...)