Date:      Sun, 17 Nov 1996 11:06:37 -0800
From:      "Pedro Giffuni S." <m230761@ingenieria.ingsala.unal.edu.co>
To:        "S(pork)" <spork@super-g.com>
Cc:        freebsd-security@freebsd.org, release@freebsd.org
Subject:   Re: New sendmail bug...
Message-ID:  <328F623D.10A4@ingenieria.ingsala.unal.edu.co>
References:  <Pine.LNX.3.92.961116165903.12931A-100000@super-g.inch.com>

S(pork) wrote:
> 
> It's nasty and easy...  If you're on Bugtraq, you saw it.  If anyone with
> more knowledge on this issue can check it out, please post to the list so
> everyone can free themselves of this vulnerability.  Root in under 15
> seconds with an account on the machine.  If you need the 'sploit, please
> mail me here and I'll send it to you.  I verified it on FBSD, NetBSD,
> Linux so far...
> 
> TIA
> 
> Charles
After reading the latest CERT (which is rather old!), I installed smrsh
on all my boxes and changed the uid to an anonymous mail user with no
shell, as suggested. Does this cover it? Do the new releases install
smrsh by default?
My mail under 8.8.0 is being read and manipulated by someone outside,
but this probably doesn't have a solution, does it?

Pedro.



