Date: Fri, 31 Aug 2001 05:04:49 +0900 (JST)
Message-Id: <20010831.050449.26350219.ume@mahoroba.org>
From: Hajimu UMEMOTO
To: mike@sentex.net
Cc: ronan@melim.com.br, security@FreeBSD.ORG
Subject: Re: Sendmail
In-Reply-To: <5.1.0.14.0.20010830154128.04ac4ec0@marble.sentex.ca>

>>>>> On Thu, 30 Aug 2001 15:43:17 -0400
>>>>> Mike Tancsa said:

mike> Probably not.. But, you never know. Someone could devise some clever way
mike> for some other process to exploit the bug.

sendmail 8.11.15 had a local exploit. If you use an old version of
sendmail, you must upgrade to 8.11.16. Don't forget to drop the setuid bit
of the old sendmail binary or remove it.

mike> At 04:42 PM 8/30/01 -0300, Ronan Lucio wrote:
>Hi all,
>
>If I have a machine that any user has shell access. It´s just a mail server.
>Is such machine vulnerable for sendmail?

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
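
An added example (not part of the original message): a POSIX sh audit that lists setuid copies of a binary left behind after an upgrade and strips the bit from all but the copy kept in service. The function names, the directory argument and the `sendmail*` name pattern are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. An upgrade often leaves the
# previous binary on disk (renamed or copied as a backup); while it keeps its
# setuid bit, local users can still run the old, vulnerable code.
# Directory, name pattern and the path to keep are caller-supplied assumptions.

# list_setuid_copies DIR PATTERN
# Print every regular file under DIR whose name matches PATTERN and that
# still has the setuid bit (mode 4000) set.
list_setuid_copies() {
    find "$1" -type f -name "$2" -perm -4000 -print 2>/dev/null
}

# count_setuid_copies DIR PATTERN
# Same search, reduced to a number for use in monitoring checks.
count_setuid_copies() {
    list_setuid_copies "$1" "$2" | wc -l | tr -d ' '
}

# strip_setuid_except DIR PATTERN KEEP
# Remove the setuid bit from every match except KEEP, the upgraded binary
# that is meant to stay in service. Prints each path it changes.
strip_setuid_except() {
    dir=$1
    pattern=$2
    keep=$3
    list_setuid_copies "$dir" "$pattern" | while IFS= read -r path; do
        if [ "$path" = "$keep" ]; then
            continue
        fi
        chmod u-s "$path" && printf 'setuid removed: %s\n' "$path"
    done
}

# Typical use after an upgrade (paths are placeholders):
#   list_setuid_copies  /path/to/search 'sendmail*'
#   strip_setuid_except /path/to/search 'sendmail*' /path/to/current/sendmail
```

Run the listing function first and review its output before stripping anything; deleting the old copy outright is the other option the message gives.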