Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Aug 2001 16:26:35 -0400
From:      Chris Faulhaber <jedgar@fxp.org>
To:        Ronan Lucio <ronan@melim.com.br>
Cc:        security@freebsd.org
Subject:   Re: Sendmail
Message-ID:  <20010830162635.A46456@peitho.fxp.org>
In-Reply-To: <091701c13191$e2c8e480$2aa8a8c0@melim.com.br>
References:  <08ab01c1318b$defef2f0$2aa8a8c0@melim.com.br><5.1.0.14.0.20010830154128.04ac4ec0@marble.sentex.ca> <20010831.050449.26350219.ume@mahoroba.org> <091701c13191$e2c8e480$2aa8a8c0@melim.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help 

--lrZ03NoBR/3+SXJZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 30, 2001 at 05:25:18PM -0300, Ronan Lucio wrote:
> Hi Hajimu,
>=20
> > mike> Probably not.. But, you never know. Someone could devise some cle=
ver
> way
> > mike> for some other process to exploit the bug.
> >
> > sendmail 8.11.15 had local-exploit.  If you use old version of
> > sendmail, you must upgrade to 8.11.16.  Don't forget to drop setuid
> > bit of old sendmail binary or remove it.
>=20
> How can I do it?
>=20
> I typed ls -l /usr/sbin, it shows me:
>=20
> lrwxrwxrwx  1 root  wheel  21 Aug 28 06:33 sendmail -> /usr/sbin/mailwrap=
per
> -r-xr-xr-x  1 root  wheel  4928 Apr 21 06:10 mailwrapper
>=20
> Is it right?
>=20
> Thank you very much,
>=20

Perhaps you should review the advisory which explains the corrective
measures in detail.

http://docs.freebsd.org/mail/current/freebsd-security-notifications.html

--=20
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

--lrZ03NoBR/3+SXJZ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iEYEARECAAYFAjuOoXsACgkQObaG4P6BelBodACghYHYkZvN1VngAUq5GNOkq8pk
je0AnRNsDbF4jbd//KxhJnzeinmP96Zq
=g5sX
-----END PGP SIGNATURE-----

--lrZ03NoBR/3+SXJZ--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010830162635.A46456>