From owner-freebsd-security Thu Aug 30 13:24: 9 2001 Delivered-To: freebsd-security@freebsd.org Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23]) by hub.freebsd.org (Postfix) with ESMTP id 3D4FF37B401 for ; Thu, 30 Aug 2001 13:24:04 -0700 (PDT) (envelope-from ronan@melim.com.br) Received: from fazendinha (ressacada.melim.com.br [200.215.110.4]) by salseiros.melim.com.br (8.11.3/8.11.3) with SMTP id f7UKJ3072020 for ; Thu, 30 Aug 2001 17:19:04 -0300 (BRT) (envelope-from ronan@melim.com.br) Message-ID: <091701c13191$e2c8e480$2aa8a8c0@melim.com.br> From: "Ronan Lucio" To: References: <08ab01c1318b$defef2f0$2aa8a8c0@melim.com.br><5.1.0.14.0.20010830154128.04ac4ec0@marble.sentex.ca> <20010831.050449.26350219.ume@mahoroba.org> Subject: Re: Sendmail Date: Thu, 30 Aug 2001 17:25:18 -0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Hajimu, > mike> Probably not.. But, you never know. Someone could devise some clever way > mike> for some other process to exploit the bug. > > sendmail 8.11.15 had local-exploit. If you use old version of > sendmail, you must upgrade to 8.11.16. Don't forget to drop setuid > bit of old sendmail binary or remove it. How can I do it? I typed ls -l /usr/sbin, it shows me: lrwxrwxrwx 1 root wheel 21 Aug 28 06:33 sendmail -> /usr/sbin/mailwrapper -r-xr-xr-x 1 root wheel 4928 Apr 21 06:10 mailwrapper Is it right? Thank you very much, Ronan Lucio To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message