Date: Sat, 16 Nov 1996 18:17:23 -0600 (CST) From: Karl Denninger <karl@Mcs.Net> To: spork@super-g.com (S) Cc: freebsd-security@FreeBSD.org, freebsd-hackers@FreeBSD.org Subject: Re: New sendmail bug... Message-ID: <199611170017.SAA16884@Jupiter.Mcs.Net> In-Reply-To: <Pine.LNX.3.92.961116165903.12931A-100000@super-g.inch.com> from "S" at Nov 16, 96 05:03:13 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > It's nasty and easy... If you're on Bugtraq, you saw it. If anyone with > more knowledge on this issue can check it out, please post to the list so > everyone can free themselves of this vulnerability. Root in under 15 > seconds with an account on the machine. If you need the 'sploit, please > mail me here and I'll send it to you. I verified it on FBSD, NetBSD, > Linux so far... > > TIA > > Charles Its real - and the fix is two lines inserted in the sighup() handler: setgid(RealGid); setuid(RealUid); prior to the exec call. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | 33 Analog Prefixes, 13 ISDN, Web servers $75/mo Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 312 248-9865] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611170017.SAA16884>