From owner-freebsd-security Sat Nov 16 16:17:31 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA29297 for security-outgoing; Sat, 16 Nov 1996 16:17:31 -0800 (PST) Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA29277; Sat, 16 Nov 1996 16:17:26 -0800 (PST) Received: from Mailbox.mcs.com (Mailbox.mcs.com [192.160.127.87]) by Kitten.mcs.com (8.8.2/8.8.2) with ESMTP id SAA26299; Sat, 16 Nov 1996 18:17:25 -0600 (CST) Received: from Jupiter.Mcs.Net (karl@Jupiter.mcs.net [192.160.127.88]) by Mailbox.mcs.com (8.8.2/8.8.2) with ESMTP id SAA01993; Sat, 16 Nov 1996 18:17:24 -0600 (CST) Received: (from karl@localhost) by Jupiter.Mcs.Net (8.8.2/8.8.2) id SAA16884; Sat, 16 Nov 1996 18:17:23 -0600 (CST) From: Karl Denninger Message-Id: <199611170017.SAA16884@Jupiter.Mcs.Net> Subject: Re: New sendmail bug... To: spork@super-g.com (S) Date: Sat, 16 Nov 1996 18:17:23 -0600 (CST) Cc: freebsd-security@FreeBSD.org, freebsd-hackers@FreeBSD.org In-Reply-To: from "S" at Nov 16, 96 05:03:13 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > > It's nasty and easy... If you're on Bugtraq, you saw it. If anyone with > more knowledge on this issue can check it out, please post to the list so > everyone can free themselves of this vulnerability. Root in under 15 > seconds with an account on the machine. If you need the 'sploit, please > mail me here and I'll send it to you. I verified it on FBSD, NetBSD, > Linux so far... > > TIA > > Charles Its real - and the fix is two lines inserted in the sighup() handler: setgid(RealGid); setuid(RealUid); prior to the exec call. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | 33 Analog Prefixes, 13 ISDN, Web servers $75/mo Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 312 248-9865] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal