Date: Sun, 17 Nov 1996 18:00:54 +0100 (MET)
From: Wolfgang Ley <ley@cert.dfn.de>
To: pgiffuni@fps.biblos.unal.edu.co
Cc: spork@super-g.com, freebsd-security@freebsd.org, release@freebsd.org
Subject: Re: New sendmail bug...
Message-ID: <199611171700.SAA13765@tiger.cert.dfn.de>
In-Reply-To: <328F623D.10A4@ingenieria.ingsala.unal.edu.co> from "Pedro Giffuni S." at Nov 17, 96 11:06:37 am

Pedro Giffuni S. wrote:
>
> S(pork) wrote:
> >
> > It's nasty and easy... If you're on Bugtraq, you saw it. If anyone with
> > more knowledge on this issue can check it out, please post to the list so
> > everyone can free themselves of this vulnerability. Root in under 15
> > seconds with an account on the machine. If you need the 'sploit, please
> > mail me here and I'll send it to you. I verified it on FBSD, NetBSD,
> > Linux so far...
> >
> > TIA
> >
> > Charles
> After reading the latest CERT (which is rather old!), I installed smrsh
> on all my boxes and changed the uid to an anonymous mail user with no
> shell, as suggested. Does this cover it? Do the new releases install
> smrsh by default?

The latest CERT Advisory on sendmail is from September, 18th (last revised
September, 21st) CA-96:20 and discusses a problem in sendmail 8.7.x.
ftp://ftp.cert.dfn.de/pub/csir/cert/cert_advisories/CA-96.20.sendmail_vul

The last sendmail Advisory is the Auscert Advisory AA-96:06a regarding a
security problem in sendmail 8.8.0 and 8.8.1 and is dated October 18th
(last revised October 20th). Not that old, is it?
ftp://ftp.cert.dfn.de/pub/csir/auscert/auscert-advisory/
    AA-96.06a.sendmail.8.8.0-8.8.1.Vulnerability

The current problem applies at least to sendmail 8.7 - 8.8.2 (incl.).
An 8.8.3 version is currently being tested and will fix the problem.

Using "smrsh" is a good idea, but won't fix the current problem.

> My mail under 8.8.0 is being read and manipulated by someone outside,
> but this probably doesn't have a solution does it?

8.8.0 has security problems which are even exploitable from the remote.
The current 8.8.2 problem can be exploited by local users only.

Bye,
  Wolfgang.
--
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany
Email: ley@cert.dfn.de   Phone: +49 40 5494-2262   Fax: +49 40 5494-2241
PGP-Key available via finger ley@ftp.cert.dfn.de any key-server or via
WWW from http://www.cert.dfn.de/~ley/   ...have a nice day