Date: Fri, 31 Aug 2001 05:04:49 +0900 (JST) From: Hajimu UMEMOTO <ume@mahoroba.org> To: mike@sentex.net Cc: ume@mahoroba.org Subject: Re: Sendmail Message-ID: <20010831.050449.26350219.ume@mahoroba.org> In-Reply-To: <5.1.0.14.0.20010830154128.04ac4ec0@marble.sentex.ca> References: <08ab01c1318b$defef2f0$2aa8a8c0@melim.com.br> <5.1.0.14.0.20010830154128.04ac4ec0@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Thu, 30 Aug 2001 15:43:17 -0400
>>>>> Mike Tancsa <mike@sentex.net> said:
mike> Probably not.. But, you never know. Someone could devise some cle=
ver way =
mike> for some other process to exploit the bug.
sendmail 8.11.15 had local-exploit. If you use old version of
sendmail, you must upgrade to 8.11.16. Don't forget to drop setuid
bit of old sendmail binary or remove it.
mike> At 04:42 PM 8/30/01 -0300, Ronan Lucio wrote:
>Hi all,
>
>If I have a machine that any user has shell access. It=B4s just a mail=
server.
>Is such machine vulnerable for sendmail?
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010831.050449.26350219.ume>