Bugtraq mailing list archives

Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1

From: Claus Assmann <ca+bugtraq () ZARDOC ENDMAIL ORG>
Date: Fri, 23 Feb 2001 13:41:01 -0800

On Thu, Feb 22, 2001, security () TURBOLINUX COM wrote:

I've sent yesterday an e-mail to security () TURBOLINUX COM but got
no reply up to now. So I'll try it here.

        Vulnerable Packages: All versions previous to 8.11.2-5
        Date: 02/21/2001 5:00 PDT

        TurboLinux Advisory ID#:  TLSA2001003-1

2. Impact

   A user can gain root privileges.


Does TurboLinux have any proof for this claim or is it just a guess?
If the former: why has sendmail-security () sendmail org not been contacted?
If the latter: why isn't this explicitly stated here?

BTW: Another advisory (TLSA2000013-1) from TurboLinux also made a
wrong claim about sendmail. It would be nice to be more careful.

PS: The segfault problem has been fixed in 8.11.2 as the RELEASES_NOTES
clearly say.

Attachment: _bin
Description:

Current thread:

[TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1 security (Feb 22)
- Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1 Kris Kennaway (Feb 26)
- Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1 Claus Assmann (Feb 26)