Re: your mail

From: Phil Stracchino (rootat_private)
Date: Fri Sep 25 1998 - 11:53:46 PDT

    On Thu, Sep 24, 1998 at 10:14:06AM -0400, Simon Smith wrote:
    > This is not the same attack as the last one regarding the "(".
    > This one does not make your system hang but rather alters permissions, it
    > seems.  If this was already posted please disregard it.
    >
    > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    >
    >         Be conscious that Sendmail 8.9.1a/8.9.0 has a critical security
    > flaw in it.  I have tested this on Debian Linux.  I have not had time to
    > hack the source and find out where the hole is. (Yes I am going to give
    > notice to sendmail.)  I have not determined if other systems are open to
    > this attack, but to check, create a user that you can eliminate.
    >
    > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    
    "exploit" skipped
    
    I have to suspect Pine or a configuration error of some kind rather than
    sendmail itself.  I am unable to replicate this behavior on a
    Slackware-based system using 8.9.0, 8.9.1, or 8.9.1a.
    
    
    --
     Phil V. Stracchino
     MIS Administrator
     Cardima, Inc.
     misat_private
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:41 PDT