Bugtraq mailing list archives
Re: your mail
From: root () CARDIMA COM (Phil Stracchino)
Date: Fri, 25 Sep 1998 11:53:46 -0700
On Thu, Sep 24, 1998 at 10:14:06AM -0400, Simon Smith wrote:
This is not the same attack as the last one regarding the "(". This one does not make your system hang but rather alters permissions it seems. If this was already posted please disregard it.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Be conscious that Sendmail 8.9.1a/8.9.0 has a critical security flaw in it. I have tested this on Debian Linux. I have not had time to hack the source and find out where the hole is. (Yes I am going to give notice to sendmail.) I have not determined if other systems are open to this attack, but to check, create a user that you can eliminate.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"exploit" skipped

I have to suspect Pine or a configuration error of some kind rather than sendmail itself. I am unable to replicate this behavior on a Slackware-based system using 8.9.0, 8.9.1, or 8.9.1a.

--
Phil V. Stracchino
MIS Administrator
Cardima, Inc.
mis () cardima com