From owner-freebsd-security Sat Nov 16 17:27:21 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA02850 for security-outgoing; Sat, 16 Nov 1996 17:27:21 -0800 (PST) Received: from mail.crl.com (mail.crl.com [165.113.1.22]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id RAA02845; Sat, 16 Nov 1996 17:27:19 -0800 (PST) Received: from super-g.inch.com (super-g.com) by mail.crl.com with SMTP id AA14134 (5.65c/IDA-1.5); Sat, 16 Nov 1996 17:28:16 -0800 Received: from localhost (spork@localhost) by super-g.inch.com (8.7.6/8.6.9) with SMTP id TAA13300; Sat, 16 Nov 1996 19:25:48 -0500 Date: Sat, 16 Nov 1996 18:25:48 -0600 (CST) From: "S(pork)" X-Sender: spork@super-g.inch.com To: freebsd-security@FreeBSD.org, freebsd-hackers@FreeBSD.org Subject: Re: New sendmail bug... In-Reply-To: Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk And even though it looked like it did not work with smrsh installed, it does... Can anyone with a public UNIX box say "sitting duck"? And on the weekend I have to find out about this. If only I were a programmer instead of a lowly SA with few C skills... Charles On Sat, 16 Nov 1996, S(pork) wrote: > It's nasty and easy... If you're on Bugtraq, you saw it. If anyone with > more knowledge on this issue can check it out, please post to the list so > everyone can free themselves of this vulnerability. Root in under 15 > seconds with an account on the machine. If you need the 'sploit, please > mail me here and I'll send it to you. I verified it on FBSD, NetBSD, > Linux so far... > > TIA > > Charles >