On Thu, Sep 24, 1998 at 10:14:06AM -0400, Simon Smith wrote: > This is not the same attack as the last one regarding the "(". > This one does not make your system hang but rather alters permissions is > seems. If this was already posted please disregard it. > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > Be conscious that Sendmail 8.9.1a/8.9.0 has a critical security > flaw in it. I have tested this on debain Linux. I have not had time to > hack the source and find out where the hole is. (Yes I am going to give > notice to sendmail.) I have not determined if other systems are open to > this attack, but to check, create a user that you can eliminate. > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "exploit" skipped I have to suspect Pine or a configuration error of some kind rather than sendmail itself. I am unable to replicate this behavior on a Slackware-based system using 8.9.0, 8.9.1, or 8.9.1a. -- Phil V. Stracchino MIS Administrator Cardima, Inc. misat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:41 PDT