From owner-freebsd-security Thu Aug 30 12:56:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from poontang.schulte.org (poontang.schulte.org [209.134.156.197]) by hub.freebsd.org (Postfix) with ESMTP id 42FED37B406 for ; Thu, 30 Aug 2001 12:56:24 -0700 (PDT) (envelope-from christopher@schulte.org) Received: from schulte-laptop.schulte.org (nb-97.netbriefings.com [209.134.134.97]) by poontang.schulte.org (Postfix) with ESMTP id C0202D14D3; Thu, 30 Aug 2001 14:54:14 -0500 (CDT) Message-Id: <5.1.0.14.0.20010830144937.022f4c80@pop.schulte.org> X-Sender: schulte@pop.schulte.org X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 30 Aug 2001 14:53:41 -0500 To: "Ronan Lucio" , From: Christopher Schulte Subject: Re: Sendmail In-Reply-To: <08ab01c1318b$defef2f0$2aa8a8c0@melim.com.br> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:57.sendmail.= asc This link explains exactly what's vulnerable. >Topic: sendmail contains local root vulnerability So, if users have local access, then yes you're probably vulnerable. Read= =20 the advisory for specific details. At 04:42 PM 8/30/2001 -0300, Ronan Lucio wrote: >Hi all, > >If I have a machine that any user has shell access. It=B4s just a mail= server. >Is such machine vulnerable for sendmail? > >[ ]=B4s > >Ronan Lucio -c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message