From owner-freebsd-security  Thu Feb 22 17:49: 4 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id EBAA937B491; Thu, 22 Feb 2001 17:49:00 -0800 (PST)
	(envelope-from mike@sentex.net)
Received: from chimp (fcage [192.168.0.2])
	by cage.simianscience.com (8.11.2/8.11.2) with ESMTP id f1N1mxg08892;
	Thu, 22 Feb 2001 20:49:00 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-Id: <4.2.2.20010222204523.03d6ef90@marble.sentex.net>
X-Sender: mdtancsa@marble.sentex.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Thu, 22 Feb 2001 20:48:58 -0500
To: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
From: Mike Tancsa <mike@sentex.net>
Subject: Re: Fwd: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1
Cc: security@FreeBSD.ORG
In-Reply-To: <14997.48988.504211.466384@horsey.gshapiro.net>
References: <4.2.2.20010222202121.03d64948@marble.sentex.net>
 <4.2.2.20010222202121.03d64948@marble.sentex.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 05:39 PM 2/22/2001 -0800, Gregory Neil Shapiro wrote:
> >>>>> "mike" == Mike Tancsa <mike@sentex.net> writes:
>
>mike> Is this a LINUX specific thing, or Sendmail in general ??
>
> >> TurboLinux Advisory ID#:  TLSA2001003-1
>
> >> 1. Problem Summary
> >>
> >> Sendmail, launched with the -bt command-line switch, enters its special
> >> "address test" mode. Under these conditions, it is vulnerable to a
> >> segmentation fault which can occur when trying to set a class in ad-
> >> dress test mode due to a negative array index.
>
>First, that was *fixed* in 8.11.2, not vulnerable in 8.11.2:


Thanks for the quick response!  The way it was worded, it claimed all 
versions of sendmail were vulnerable :-(


> >> 2. Impact
> >>
> >> A user can gain root privileges.
>
>Second, it does not give you any privileges at all, even in the version
>that has the bug.  The original reporter, Michal Zalewski, even
>acknowledges this fact.  I wonder where TurboLinux gets their information.

I thought this looked familiar from a while back.  Thanks again for quickly 
settling the issue!

         ---Mike


--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Network Administration,     			  mike@sentex.net
Sentex Communications                 		  www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message