Date: Thu, 27 Feb 1997 19:25:20 -0800 (PST)
From: Doug White
Reply-To: Doug White
To: Burton Sampley
cc: questions@freebsd.org
Subject: Re: 2.1.6R security hole ?'s

On Thu, 27 Feb 1997, Burton Sampley wrote:

> I have a stupid question.  I recently trashed my hard drive and lost
> everything.  I was attempting to find out more info on the security hole
> which caused 2.1.7 to be issued.  What exactly was the problem?  I seem
> to recall it was something to do with sendmail.  If the hole is limited to
> sendmail, is it just on the FreeBSD port, or does this hole affect
> ALL other OS's running sendmail and which version(s) of sendmail are
> affected?

Well, there were several things that prompted 2.1.6.  The major instigator
was an exploit found in the setlocale() function, which affected any program
compiled under 2.1.6.  Sendmail was an (older) item, as well as a buffer
overflow in talkd and a million other small things.

Doug White                               | University of Oregon
Internet:  dwhite@resnet.uoregon.edu     | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite     | Computer Science Major