Bugtraq mailing list archives
Re: Remote exploit in sendmail 8.8.0
From: alain.magloire () rcsm ee mcgill ca (Alain Magloire)
Date: Thu, 17 Oct 1996 12:40:28 -0400
There is a serious bug in the mime7to8() function of sendmail 8.8.0 which allows anyone who can send you mail to execute arbitrary code as root on your machine. I think mime7to8() only gets invoked if you set the undocumented "9" mailer flag. However, this flag is set by default in the cf/mailer/local.m4 file that ships with sendmail 8.8.0. Thus, if you are using an old V6 format configuration file from sendmail 8.7, you are probably safe, but if you generated a new V7 configuration file, you are probably vulnerable to this bug.
From the READ_ME MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions. Not yet implemented. How about to simply recompile with -DMIME7TO8=0 ? -- alain
Current thread:
- Remote exploit in sendmail 8.8.0 John Anonymous MacDonald (Oct 16)
- Re: Remote exploit in sendmail 8.8.0 Alain Magloire (Oct 17)
- <Possible follow-ups>
- Re: Remote exploit in sendmail 8.8.0 Thomas Roessler (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 Dave Hayes (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 D. J. Bernstein (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 Daniel S. Riley (Oct 18)
- Re: Remote exploit in sendmail 8.8.0 Steven L Baur (Oct 18)