From owner-freebsd-security Thu Feb 22 17:39:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178]) by hub.freebsd.org (Postfix) with ESMTP id 4D33037B503 for ; Thu, 22 Feb 2001 17:39:41 -0800 (PST) (envelope-from gshapiro@gshapiro.net)
Received: (from gshapiro@localhost) by horsey.gshapiro.net (8.12.0.Beta3/8.12.0.Beta3) id f1N1dehf008094; Thu, 22 Feb 2001 17:39:40 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14997.48988.504211.466384@horsey.gshapiro.net>
Date: Thu, 22 Feb 2001 17:39:40 -0800
From: Gregory Neil Shapiro
To: Mike Tancsa
Cc: security@freebsd.org
Subject: Re: Fwd: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1
In-Reply-To: <4.2.2.20010222202121.03d64948@marble.sentex.net>
References: <4.2.2.20010222202121.03d64948@marble.sentex.net>
X-Mailer: VM 6.89 under 21.2 (beta42) "Poseidon" XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "mike" == Mike Tancsa writes:

mike> Is this a LINUX specific thing, or Sendmail in general ??

>> TurboLinux Advisory ID#: TLSA2001003-1
>>
>> 1. Problem Summary
>>
>> Sendmail, launched with the -bt command-line switch, enters its special
>> "address test" mode. Under these conditions, it is vulnerable to a
>> segmentation fault which can occur when trying to set a class in address
>> test mode due to a negative array index.

First, that was *fixed* in 8.11.2, not vulnerable in 8.11.2:

8.11.2/8.11.2 2000/12/29
	Prevent a segmentation fault when trying to set a class in address test
	mode due to a negative array index. Audit other array indexing. This
	bug is not believed to be exploitable. Noted by Michal Zalewski of the
	"Internet for Schools" project (IdS).

>> 2. Impact
>>
>> A user can gain root privileges.

Second, it does not give you any privileges at all, even in the version that
has the bug. The original reporter, Michal Zalewski, even acknowledges this
fact. I wonder where TurboLinux gets their information.
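The bug class the 8.11.2 changelog describes (a negative array index when setting a class, fixed by auditing the indexing) is easy to illustrate. The C below is an added example written for this archive page, not sendmail's code: `class_table`, `set_class` and the single-character class name are assumptions chosen to show one common way such an index goes negative (a plain `char` used as an index turns high-bit bytes into negative values where `char` is signed) and the range check that turns a crash into a rejected command.

```c
#include <stdio.h>

/* Hypothetical class table, one slot per single-character class name.
 * This is illustrative only and not how sendmail stores its classes. */
#define NCLASSES 128
static unsigned char class_table[NCLASSES];

/* The index the unchecked code would have computed: a plain 'char' used
 * directly as an array subscript. Where char is signed, any byte >= 0x80
 * becomes a negative index; where it is unsigned, it is >= NCLASSES.
 * Either way it is out of bounds. Returns 1 if that index is out of range. */
int unchecked_is_oob(char class_name)
{
    int i = (int)class_name;          /* what the buggy code would use */
    return (i < 0 || i >= NCLASSES);
}

/* Hardened index computation: widen through unsigned char so the value can
 * never be negative, then reject anything past the end of the table.
 * Returns 0 and stores the index on success, -1 if the name is rejected. */
int checked_index(char class_name, int *idx)
{
    int i = (unsigned char)class_name; /* 0..255, never negative */
    if (i >= NCLASSES)
        return -1;
    *idx = i;
    return 0;
}

/* Set a class value the way a hardened "address test" command handler
 * would: validate the index first, then touch the table. Returns 0 on
 * success, -1 if the class name is out of range. */
int set_class(char class_name, unsigned char value)
{
    int i;
    if (checked_index(class_name, &i) != 0) {
        fprintf(stderr, "set_class: rejected class byte 0x%02x\n",
                (unsigned char)class_name);
        return -1;
    }
    class_table[i] = value;
    return 0;
}

int main(void)
{
    /* Constructed inputs: an ordinary class letter and a high-bit byte. */
    char good = 'w';
    char bad = (char)0xC3;

    printf("'w' out of bounds in unchecked code: %d\n", unchecked_is_oob(good));
    printf("0xC3 out of bounds in unchecked code: %d\n", unchecked_is_oob(bad));
    printf("set_class('w'): %d\n", set_class(good, 1));
    printf("set_class(0xC3): %d\n", set_class(bad, 1));
    return 0;
}
```

The point of the `unchecked_is_oob` helper is that it reports what the unguarded subscript would have been without ever performing the out-of-bounds access, so the demonstration stays memory-safe while still showing why a stray byte in an address-test command could only crash the process: nothing in this path decides privileges, which matches the reply's point that the bug was a segfault, not a root hole.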