Date: Thu, 30 Aug 2001 16:26:35 -0400 From: Chris Faulhaber <jedgar@fxp.org> To: Ronan Lucio <ronan@melim.com.br> Cc: security@freebsd.org Subject: Re: Sendmail Message-ID: <20010830162635.A46456@peitho.fxp.org> In-Reply-To: <091701c13191$e2c8e480$2aa8a8c0@melim.com.br> References: <08ab01c1318b$defef2f0$2aa8a8c0@melim.com.br><5.1.0.14.0.20010830154128.04ac4ec0@marble.sentex.ca> <20010831.050449.26350219.ume@mahoroba.org> <091701c13191$e2c8e480$2aa8a8c0@melim.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
--lrZ03NoBR/3+SXJZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 30, 2001 at 05:25:18PM -0300, Ronan Lucio wrote: > Hi Hajimu, >=20 > > mike> Probably not.. But, you never know. Someone could devise some cle= ver > way > > mike> for some other process to exploit the bug. > > > > sendmail 8.11.15 had local-exploit. If you use old version of > > sendmail, you must upgrade to 8.11.16. Don't forget to drop setuid > > bit of old sendmail binary or remove it. >=20 > How can I do it? >=20 > I typed ls -l /usr/sbin, it shows me: >=20 > lrwxrwxrwx 1 root wheel 21 Aug 28 06:33 sendmail -> /usr/sbin/mailwrap= per > -r-xr-xr-x 1 root wheel 4928 Apr 21 06:10 mailwrapper >=20 > Is it right? >=20 > Thank you very much, >=20 Perhaps you should review the advisory which explains the corrective measures in detail. http://docs.freebsd.org/mail/current/freebsd-security-notifications.html --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --lrZ03NoBR/3+SXJZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjuOoXsACgkQObaG4P6BelBodACghYHYkZvN1VngAUq5GNOkq8pk je0AnRNsDbF4jbd//KxhJnzeinmP96Zq =g5sX -----END PGP SIGNATURE----- --lrZ03NoBR/3+SXJZ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010830162635.A46456>