From owner-freebsd-security  Mon Mar  3 11:38: 2 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 485C937B401
	for <security@freebsd.org>; Mon,  3 Mar 2003 11:37:59 -0800 (PST)
Received: from mx-out.daemonmail.net (mx-out.daemonmail.net [216.104.160.39])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BE9BA43FD7
	for <security@freebsd.org>; Mon,  3 Mar 2003 11:37:58 -0800 (PST)
	(envelope-from chris@tierra.net)
Received: from mx0.emailqueue.net (localhost.daemonmail.net [127.0.0.1])
	by mx-out.daemonmail.net (8.9.3/8.9.3) with SMTP id LAA39645
	for <security@freebsd.org>; Mon, 3 Mar 2003 11:37:58 -0800 (PST)
	(envelope-from chris@tierra.net)
Received: from  (216.104.164.101 [216.104.164.101])
	by mail.tierra.net with ESMTP id g7f16Vc5
	Mon, 03 Mar 2003 11:37:57 -0700 (PST)
Message-Id: <5.2.0.9.0.20030303113213.034c0cc0@mail.tierra.net>
X-Sender: chris@mail.tierra.net
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Mon, 03 Mar 2003 11:39:00 -0800
To: security@freebsd.org
From: Chris Samaritoni <chris@tierra.net>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
In-Reply-To: <200303031711.h23HBbVf059406@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 09:11 AM 3/3/2003 -0800, FreeBSD Security Advisories wrote:
>III. Impact
>
>A remote attacker could create a specially crafted message that may
>cause sendmail to execute arbitrary code with the privileges of the
>user running sendmail, typically root.  The malicious message might be
>handled (and therefore the vulnerability triggered) by the initial
>sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail
>process.  Exploiting this defect is particularly difficult, but is
>believed to be possible.

Question, I have a some systems that don't run any sendmail daemons, but 
local users that have scripts that run sendmail to send messages. I'm not 
familiar with how running sendmail from the command line would differ, but 
would this also be affected by this bug, in which case wouldn't this also 
make it a local compromise as well? I'm just looking for clarification.

Thanks,
Chris Samaritoni
TierraNet Inc.
chris@tierra.net
----------------




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message