Date: Sun, 17 Nov 1996 13:20:58 -0500 (EST) From: Will Brown <ewb@zns.net> To: freebsd-security@FreeBSD.org Subject: Re: new sendmail exploit Message-ID: <199611171820.NAA09840@selway.i.com>
next in thread | raw e-mail | index | archive | help
Definitely exploitable on Solaris 2.5 (and presumably lower). As Wolfgang and others pointed out. Just used bash instead of /bin/sh. No need to use /tmp either. Heck you could put it in /usr/bin! Patch to 8.8.2 from Eric Allman seems to work (on Solaris 2.4) "leshka" prints "501 Permission denied" and "smptd" is not spawned. Log message: sendmail[17653]: uid 1374 tried to start daemon mode Sorry for the O/S version discrepancies here. 2.4 machine was most critical so I patched it first. -- Will Brown
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611171820.NAA09840>