Date:      Sat, 28 Sep 1996 01:32:57 -0600
From:      Dave Andersen <angio@aros.net>
To:        Brian Tao <taob@io.org>
Cc:        security@freebsd.org
Subject:   Re: Exploit for sendmail security hole (version 8.6.12 for FreeBSD 
Message-ID:  <199609280732.BAA13246@fluffy.aros.net>
In-Reply-To: Your message of "Sat, 28 Sep 1996 01:33:07 EDT." <Pine.NEB.3.92.960928012530.10171Q-100000@zap.io.org> 


  The exploit is limited to 8.6.x in its present incarnation, but the bug
is most definitely not - the bus error you generated is a fairly good
indicator of that.

   Most likely, the exploit could be tuned to hit 8.7.5 by changing
the offset it uses.  I haven't played around with it enough to really
tell.

   In any event, upgrading to 8.7.6 is A Good Thing - the latest
-current and -stable distributions are already upgraded (and have been
since 2 days after the bug was publicized).

   -Dave

>     This exploit may be limited to 8.6.x... a 2.1.0-RELEASE system
> upgraded to 8.7.5 does not appear to be vulnerable.
> 
> % ./a.out
> chfn: rebuilding the database...
> chfn: done
> Bus error
> See result in /tmp
> 
> % ls -l /tmp
> total 18
> -rwxr-xr-x  1 taob  nogroup   8828 Sep 28 01:24 a.out
> -rwxr-xr-x  1 taob  nogroup     43 Sep 28 01:24 hack
> -rw-r--r--  1 taob  staff     2686 Sep 28 01:23 sroot.c
> -rw-r--r--  1 taob  nogroup    383 Sep 28 01:24 user.inf
> 
> % uname -v
> FreeBSD 2.1.0-RELEASE #0: Thu May  2 18:53:14 EDT 1996
> taob@cabal.net5a.io.org:/src/2.1.0-RELEASE/sys/compile/MAIL
> 


