From owner-freebsd-security Sat Nov 16 16:04:57 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA28867 for security-outgoing; Sat, 16 Nov 1996 16:04:57 -0800 (PST) Received: from super-g.inch.com (spork@super-g.com [204.178.32.161]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA28849; Sat, 16 Nov 1996 16:04:48 -0800 (PST) Received: from localhost (spork@localhost) by super-g.inch.com (8.7.6/8.6.9) with SMTP id SAA12948; Sat, 16 Nov 1996 18:03:13 -0500 Date: Sat, 16 Nov 1996 17:03:13 -0600 (CST) From: "S(pork)" X-Sender: spork@super-g.inch.com To: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org Subject: New sendmail bug... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk It's nasty and easy... If you're on Bugtraq, you saw it. If anyone with more knowledge on this issue can check it out, please post to the list so everyone can free themselves of this vulnerability. Root in under 15 seconds with an account on the machine. If you need the 'sploit, please mail me here and I'll send it to you. I verified it on FBSD, NetBSD, Linux so far... TIA Charles