Bugtraq mailing list archives
Re: Another sendmail exploit [local root compromise]
From: Michael Kjorling <michael () kjorling com>
Date: Thu, 23 Aug 2001 09:33:44 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sendmail 8.11.4 on Red Hat 6.2 and kernel 2.2.18 confirmed vulerable to this local root exploit with mail's shell both blank (meaning /bin/bash) and /usr/sbin/smrsh 8.11 (Berkeley) 5/19/1998. I got dumped into a root bash shell both times when starting this program as an ordinary user. Sendmail 8.11.6 on same platform is confirmed *not* to be vulerable under the same two setups (with and without smrsh). smrsh with 8.11.6 does not have an explicit version number but mentions @(#)$Id: smrsh.c,v 8.31.4.9 2001/04/24 04:11:51 ca Exp $. Is this the command line processing but mentioned at http://www.sendmail.org/8.11.html? Michael Kjörling On Aug 23 2001 04:40 +0400, Alexander Yurchenko wrote:
Here's an another sendmail exploit for linux x86. Alexander Yurchenko aka grange
- -- Michael Kjörling - michael () kjorling com - PGP: 8A70E33E Manager Wolf.COM -- Programmer -- Network Administrator "We must be the change we wish to see" (Mahatma Gandhi) ^..^ Support the wolves in Norway -- go to ^..^ \/ http://home.no.net/ulvelist/protest_int.htm \/ ***** Please only send me emails which concern me ***** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For my PGP key: http://michael.kjorling.com/contact/pgp.html iD8DBQE7hLHfKqN7/Ypw4z4RAnclAJsEAoj0h7SKvLpyYBttCwXPAP5pJACfdysX 7y05P5ILqXr2E+aRRkW6Ev4= =uf78 -----END PGP SIGNATURE-----
Current thread:
- Another sendmail exploit Alexander Yurchenko (Aug 22)
- Re: Another sendmail exploit [local root compromise] Michael Kjorling (Aug 23)