Date: Mon, 03 Mar 2003 11:39:00 -0800
From: Chris Samaritoni <chris@tierra.net>
To: security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
Message-ID: <5.2.0.9.0.20030303113213.034c0cc0@mail.tierra.net>
In-Reply-To: <200303031711.h23HBbVf059406@freefall.freebsd.org>

At 09:11 AM 3/3/2003 -0800, FreeBSD Security Advisories wrote:
>III. Impact
>
>A remote attacker could create a specially crafted message that may
>cause sendmail to execute arbitrary code with the privileges of the
>user running sendmail, typically root. The malicious message might be
>handled (and therefore the vulnerability triggered) by the initial
>sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail
>process. Exploiting this defect is particularly difficult, but is
>believed to be possible.

Question, I have some systems that don't run any sendmail daemons, but local users that have scripts that run sendmail to send messages. I'm not familiar with how running sendmail from the command line would differ, but would this also be affected by this bug, in which case wouldn't this also make it a local compromise as well? I'm just looking for clarification.

Thanks,

Chris Samaritoni
TierraNet Inc.
chris@tierra.net