Date: Sun, 17 Nov 1996 02:06:55 +0100 (MET) From: Wolfgang Ley <ley@cert.dfn.de> To: spork@super-g.com (S) Cc: karl@Mcs.Net, freebsd-security@FreeBSD.org, freebsd-hackers@FreeBSD.org Subject: Re: New sendmail bug... Message-ID: <199611170106.CAA10374@tiger.cert.dfn.de> In-Reply-To: <Pine.LNX.3.92.961116172335.13136A-100000@super-g.inch.com> from "S" at Nov 16, 96 05:24:55 pm
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- S wrote: > > Thanks, also I just installed smrsh on a whim (I'm definetly not a C > expert, very very novice here) and smrsh (included in the sendmail dist) > takes care of the problem as well... Exploit to follow... smrsh won't help you protecting against the new problem (restarting sendmail via sighup and modified argv[0]). sendmail 8.8.3 (which is currently being tested) will fix the problem. Or are you talking about another (new?) problem? Bye, Wolfgang. - -- Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany Email: ley@cert.dfn.de Phone: +49 40 5494-2262 Fax: +49 40 5494-2241 PGP-Key available via finger ley@ftp.cert.dfn.de any key-server or via WWW from http://www.cert.dfn.de/~ley/ ...have a nice day -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMo5lIgQmfXmOCknRAQG4tAP/Vv1+68RYqZpYc1c5G9l3fl1a0g2KB1gY 5fhyighSNXv+CBhyMseQbL4rawSnR2ipDW1BW1MEgo3iGGpFsDIFUKIu5uk26km6 s88V80Pmc9L3AYE6p1JVH97+OpEKU3BVlRDR2g8Ya1ecxDujQF5G/fVhmwpejyvd viG7NXDFPvM= =paMe -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611170106.CAA10374>