Bugtraq mailing list archives
Re: so...
From: harry () cs umd edu (Harry Mantakos)
Date: Wed, 16 Mar 1994 02:02:53 -0500
So, does anyone know anything about this new Sendmail bug other than that it exists?
If you want to know more about it, grab the sendmail-8.6.7 patch from ftp.cs.berkeley.edu. There are only 2 lines of code changed. The RELEASE_NOTES describes the change as: + SECURITY: it was possible to get root access by using wierd + values to the -d flag. Thanks to Alain Durand of + INRIA for forwarding me the notice from the bugtraq + list. Presumably this can only be exploited on the local machine to allow a non-root user to become root. -harry ------------------------------------------------------------------------------ Spoken: Harry Mantakos Domain: harry () cs umd edu UUCP: uunet!mimsy!harry Phone: 301-405-2750 USPS: U of Maryland, CS Dept., College Park, MD 20742
Current thread:
- so... Perry E. Metzger (Mar 15)
- Re: so... Scott Chasin (Mar 15)
- Re: so... Harry Mantakos (Mar 15)
- the new sendmail BUG history Alain Durand (Mar 16)
- Re: so... steve (Mar 16)