Bugtraq mailing list archives
Re: sendmail -C: Known? Patches? (AIX 4.1.5)
From: eric () SENDMAIL ORG (Eric Allman)
Date: Wed, 6 Aug 1997 15:02:16 -0700
As near as I can tell, no sendmail from Berkeley (back to 5.61, that is, 1988, and probably before -- that was just the earliest one that I had available to check) had this problem. I suspect that if the problem exists at all, it is IBM-specific. eric ============= In Reply To: =========================================== : From: "DI. Dr. Klaus Kusche" <Klaus.Kusche () OOE GV AT> : Subject: sendmail -C: Known? Patches? (AIX 4.1.5) : Date: Wed, 6 Aug 1997 08:07:36 PDT : On several not-so-official WWW pages, I found a hint that : : /usr/lib/sendmail -C <any-file-you-want-to-read> : : produces "interesting" output. : : I tried that on our AIX 4.1.5 (as an ordinary user!) with : "/etc/security/passwd", and it indeed displayed all the : shadow passwords. : : I checked IBM's and CERT's archives about it and found nothing. : : Questions: : 1.) Is the problem known? : 2.) Does IBM have a fix for it? : 3.) Is it fixed in the latest (non-IBM) sendmail releases? : : DI. Dr. Klaus Kusche : Oberoesterreichische Landesregierung / Government of Upper Austria : Rechenzentrum / Computing Centre : Smail: Kaerntnerstrasse 16, A-4020 Linz, Austria (Europe) : Phone: +43 732 7720 - 3394 Fax: +43 732 7720 - 3198 : Email: Klaus.Kusche () ooe gv at
Current thread:
- Security hole in rusers client, (continued)
- Security hole in rusers client David Holland (Aug 02)
- SSH LocalForward Nicolas Dubee (Aug 02)
- Re: your mail Erik Troan (Aug 10)
- Sun Security Bulletin #00149 Aleph One (Aug 13)
- Sun Security Bulletin #00150 Aleph One (Aug 13)
- Possible fixed identd Phillip R. Jaenke (Aug 13)
- CERT Advisory CA-97.22 - BIND - the Berkeley Internet Name Daemon Aleph One (Aug 14)
- Vulnerability in 4.4BSD rfork() implementation Thomas H. Ptacek (Aug 02)
- Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Jeff Epler (Aug 02)
- Re: Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Marc Slemko (Aug 03)
- Re: sendmail -C: Known? Patches? (AIX 4.1.5) Gene Spafford (Aug 09)
- Re: sendmail -C: Known? Patches? (AIX 4.1.5) Troy Bollinger (Aug 10)
- Program To decrypt password in ws_ftp.ini JeBe (Aug 10)