Bugtraq mailing list archives
Re: CERT Alert on new sendmail bug - any info?
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Sat, 19 Aug 1995 01:49:35 +0100
I just got the new sendmail bug alert from CERT, and of course it may affect my configuration - which leads to the question, does anybody know what the problem is so I can temporarily defend my system?I don't have any real information, but my guess is that this is the same problem as [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995,
it is the same bug
and that use of smrsh is an excellent defense against the bug.
it isnt :(
8lgm hasn't published an exploit for this problem, even though they said they passed the exploit on to CERT over three months ago.
After several lengthy discussions explaining the vulnerability to SUN (mostly
to convince them that a problem actually existed), we promised them we would
not release any exploit info until their patch was available (in this instance).
--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl () bagpuss demon co uk
|
Current thread:
- SSL message broken That Whispering Wolf... (Aug 16)
- Re: SSL message broken Mark (Aug 17)
- Re: SSL message broken That Whispering Wolf... (Aug 17)
- Re: SSL message broken Perry E. Metzger (Aug 17)
- CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Tom Fitzgerald (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Karl Strickland (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Ben Golding (Aug 20)
- Re: CERT Alert on new sendmail bug - any info? Neil Woods (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
- Re: SSL message broken Mark (Aug 17)
- Re: SSL message broken Scott McClung (Aug 18)