Bugtraq mailing list archives
Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1
From: Claus Assmann <ca+bugtraq () ZARDOC ENDMAIL ORG>
Date: Fri, 23 Feb 2001 13:41:01 -0800
On Thu, Feb 22, 2001, security () TURBOLINUX COM wrote: I've sent yesterday an e-mail to security () TURBOLINUX COM but got no reply up to now. So I'll try it here.
Vulnerable Packages: All versions previous to 8.11.2-5 Date: 02/21/2001 5:00 PDT
TurboLinux Advisory ID#: TLSA2001003-1
2. Impact A user can gain root privileges.
Does TurboLinux have any proof for this claim or is it just a guess? If the former: why has sendmail-security () sendmail org not been contacted? If the latter: why isn't this explicitly stated here? BTW: Another advisory (TLSA2000013-1) from TurboLinux also made a wrong claim about sendmail. It would be nice to be more careful. PS: The segfault problem has been fixed in 8.11.2 as the RELEASES_NOTES clearly say.
Attachment:
_bin
Description:
Current thread:
- [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1 security (Feb 22)
- Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1 Kris Kennaway (Feb 26)
- Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1 Claus Assmann (Feb 26)