From owner-freebsd-security  Sat Nov 16 17:05:50 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id RAA01810
          for security-outgoing; Sat, 16 Nov 1996 17:05:50 -0800 (PST)
Received: from procert.cert.dfn.de (root@procert.cert.dfn.de [134.100.14.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA01805;
          Sat, 16 Nov 1996 17:05:43 -0800 (PST)
Received: from tiger.cert.dfn.de (ley@tiger.cert.dfn.de [134.100.14.11]) by procert.cert.dfn.de (8.8.3/8.8.3) with ESMTP id CAA16908; Sun, 17 Nov 1996 02:06:57 +0100 (MET)
From: Wolfgang Ley <ley@cert.dfn.de>
Received: (from ley@localhost) by tiger.cert.dfn.de (8.8.3/8.8.3) id CAA10374; Sun, 17 Nov 1996 02:06:56 +0100 (MET)
Message-Id: <199611170106.CAA10374@tiger.cert.dfn.de>
Subject: Re: New sendmail bug...
To: spork@super-g.com (S)
Date: Sun, 17 Nov 1996 02:06:55 +0100 (MET)
Cc: karl@Mcs.Net, freebsd-security@FreeBSD.org, freebsd-hackers@FreeBSD.org
In-Reply-To: <Pine.LNX.3.92.961116172335.13136A-100000@super-g.inch.com> from "S" at Nov 16, 96 05:24:55 pm
Organization: DFN-CERT (Computer Emergency Response Team, Germany)
Content-Type: text
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

S wrote:
>
> Thanks, also I just installed smrsh on a whim (I'm definetly not a C
> expert, very very novice here) and smrsh (included in the sendmail dist)
> takes care of the problem as well...  Exploit to follow...

smrsh won't help you protecting against the new problem (restarting
sendmail via sighup and modified argv[0]).

sendmail 8.8.3 (which is currently being tested) will fix the problem.

Or are you talking about another (new?) problem?

Bye,
  Wolfgang.
- --
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg,    Germany
Email: ley@cert.dfn.de   Phone: +49 40 5494-2262 Fax: +49 40 5494-2241
PGP-Key available via finger ley@ftp.cert.dfn.de any key-server or via
WWW from http://www.cert.dfn.de/~ley/               ...have a nice day

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMo5lIgQmfXmOCknRAQG4tAP/Vv1+68RYqZpYc1c5G9l3fl1a0g2KB1gY
5fhyighSNXv+CBhyMseQbL4rawSnR2ipDW1BW1MEgo3iGGpFsDIFUKIu5uk26km6
s88V80Pmc9L3AYE6p1JVH97+OpEKU3BVlRDR2g8Ya1ecxDujQF5G/fVhmwpejyvd
viG7NXDFPvM=
=paMe
-----END PGP SIGNATURE-----