Bugtraq mailing list archives

Re: so...

From: harry () cs umd edu (Harry Mantakos)
Date: Wed, 16 Mar 1994 02:02:53 -0500

So, does anyone know anything about this new Sendmail bug other than
that it exists?


If you want to know more about it, grab the sendmail-8.6.7 
patch from ftp.cs.berkeley.edu. There are only 2 lines of 
code changed. The RELEASE_NOTES describes the change as:

+       SECURITY: it was possible to get root access by using wierd
+               values to the -d flag.  Thanks to Alain Durand of
+               INRIA for forwarding me the notice from the bugtraq
+               list.

Presumably this can only be exploited on the local machine to allow
a non-root user to become root.
-harry
------------------------------------------------------------------------------
Spoken: Harry Mantakos   Domain: harry () cs umd edu      UUCP: uunet!mimsy!harry
Phone: 301-405-2750      USPS: U of Maryland, CS Dept., College Park, MD 20742

Current thread:

so... Perry E. Metzger (Mar 15)
- Re: so... Scott Chasin (Mar 15)
- Re: so... Harry Mantakos (Mar 15)
- the new sendmail BUG history Alain Durand (Mar 16)
- Re: so... steve (Mar 16)