From owner-freebsd-security Tue Jun 4 11:36:16 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsidian.sentex.ca (obsidian.sentex.ca [64.7.128.101]) by hub.freebsd.org (Postfix) with ESMTP id D00C937B401; Tue, 4 Jun 2002 11:36:11 -0700 (PDT) Received: from simoen.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by obsidian.sentex.ca (8.12.2/8.12.2) with ESMTP id g54IaA7U029811; Tue, 4 Jun 2002 14:36:10 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20020604143542.03aafa88@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 04 Jun 2002 14:38:41 -0400 To: Gregory Neil Shapiro , freebsd-security@FreeBSD.ORG From: Mike Tancsa Subject: Similar locking bugs (was Re: Security fixes in Sendmail 8.12.4) Cc: mbr@FreeBSD.ORG In-Reply-To: <15612.65032.569720.821128@horsey.gshapiro.net> References: <15612.64901.18897.489322@horsey.gshapiro.net> <20020604195354.M27608@wu-wien.ac.at> <15612.64901.18897.489322@horsey.gshapiro.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (obsidian/20020220) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 10:51 AM 04/06/2002 -0700, Gregory Neil Shapiro wrote: >I should note however that sendmail is one of many programs that can be >DoS'ed via locking. I'd encourage the security officer to sweep through >the tree looking for this type of problem. Apache and FrontPage seems to have this problem as well. As a non privileged user, just vi /usr/local/etc/apache/httpd.conf While this is the case, none of the frontpage users are able to publish/save files to their respective sites. ---Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message