Date: Sat, 16 Nov 1996 23:24:33 -0500 From: jc@irbs.com (John Capo) To: raistlin@chaos.ecpnet.com (Justen Stepka) Cc: freebsd-security@FreeBSD.org Subject: Re: New sendmail bug... Message-ID: <199611170424.XAA09008@irbs.irbs.com> In-Reply-To: <Pine.LNX.3.93.961116185526.1877A-100000@chaos.ecpnet.com>; from Justen Stepka on Nov 16, 1996 18:56:47 -0600 References: <Pine.LNX.3.92.961116165903.12931A-100000@super-g.inch.com> <Pine.LNX.3.93.961116185526.1877A-100000@chaos.ecpnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Justen Stepka (raistlin@chaos.ecpnet.com): > > I tested this on FBSD and I couldn't get it to work. Though when I tried > it on Linux it worked in about 10 second :(, currently I have disabled > accounts on my machines until I fix the problem. > Look at /tmp/sh, you may find it suid root. Sendmail may not have had a chance to get the shell copied and suid by the time the exploit script trys to run /tmp/sh. John Capo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611170424.XAA09008>