Re: sendmail 8.8.3 and DefaultUser and RunAsUser

[Pauline.van.Winsen () uniq com au (Pauline van Winsen - Uniq Professional Services)]

> Question on sendmail 8.8.3 (and probably 8.8.[12]):


> Comments?

i suggest you check out:

Subject: AUSCERT Advisory AA-96.15 sendmail Group Permissions Vulnerability

the fix is to:

3.1 Upgrade to sendmail 8.8.4.

    Eric Allman has released sendmail 8.8.4 which fixes this
    vulnerability.  There is no patch for any version of sendmail prior
    to 8.8.0.  Sites are encouraged to upgrade to sendmail 8.8.4 as soon
    as possible.

    The current version of sendmail is available from:

        ftp://ftp.sendmail.org/pub/sendmail/
        ftp://ftp.auscert.org.au/pub/mirrors/ftp.cs.berkeley.edu/ucb/sendmail/
        ftp://ftp.cert.dfn.de/pub/tools/net/sendmail/

    The MD5 checksum for this distribution is:

        MD5 (sendmail.8.8.4.patch) = bb0f24abdb1416748b0c7a9f9315fa59
        MD5 (sendmail.8.8.4.tar.Z) = 0b4e4d09c75733ab63dde1cb6a52c615
        MD5 (sendmail.8.8.4.tar.gz) = 64ce6393a6968a0dc7c6652dace127b0

check out the complete advisory at http://www.auscert.org.au

cheers,
pauline

Pauline van Winsen                                   pauline () uniq com au
Uniq Professional Services Pty Ltd                       www.uniq.com.au
PO Box 70, Paddington, NSW 2021,                      (Sydney) Australia
Phone: +61-2-9380-6360      Fax: +61-2-9380-6416      Pager: 016 287 000
"Another matter which must be left to your escort in restaurant dining
is any communication with the waiter. If you want something that is
not on the table you never ask the waiter direct, but ask your escort
if he will ask the waiter for it."
               Dining Out - Book 3, Woman's World, circa 1964.