Re: Another sendmail exploit [local root compromise]

[Michael Kjorling <michael () kjorling com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sendmail 8.11.4 on Red Hat 6.2 and kernel 2.2.18 confirmed vulerable
to this local root exploit with mail's shell both blank (meaning
/bin/bash) and /usr/sbin/smrsh 8.11 (Berkeley) 5/19/1998. I got dumped
into a root bash shell both times when starting this program as an
ordinary user. Sendmail 8.11.6 on same platform is confirmed *not* to
be vulerable under the same two setups (with and without smrsh). smrsh
with 8.11.6 does not have an explicit version number but mentions
@(#)$Id: smrsh.c,v 8.31.4.9 2001/04/24 04:11:51 ca Exp $.

Is this the command line processing but mentioned at
http://www.sendmail.org/8.11.html?


Michael Kjörling


On Aug 23 2001 04:40 +0400, Alexander Yurchenko wrote:

> Here's an another sendmail exploit for linux x86.
>
>    Alexander Yurchenko aka grange

- -- 
Michael Kjörling - michael () kjorling com - PGP: 8A70E33E
Manager Wolf.COM -- Programmer -- Network Administrator
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

***** Please only send me emails which concern me *****

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For my PGP key: http://michael.kjorling.com/contact/pgp.html

iD8DBQE7hLHfKqN7/Ypw4z4RAnclAJsEAoj0h7SKvLpyYBttCwXPAP5pJACfdysX
7y05P5ILqXr2E+aRRkW6Ev4=
=uf78
-----END PGP SIGNATURE-----