Date:      Sat, 16 Nov 1996 17:24:55 -0600 (CST)
From:      "S(pork)" <spork@super-g.com>
To:        Karl Denninger <karl@Mcs.Net>
Cc:        freebsd-security@FreeBSD.org, freebsd-hackers@FreeBSD.org
Subject:   Re: New sendmail bug...
Message-ID:  <Pine.LNX.3.92.961116172335.13136A-100000@super-g.inch.com>
In-Reply-To: <199611170017.SAA16884@Jupiter.Mcs.Net>

Thanks, also I just installed smrsh on a whim (I'm definitely not a C
expert, very very novice here) and smrsh (included in the sendmail dist)
takes care of the problem as well...  Exploit to follow...

Charles

On Sat, 16 Nov 1996, Karl Denninger wrote:

> >
> > It's nasty and easy...  If you're on Bugtraq, you saw it.  If anyone with
> > more knowledge on this issue can check it out, please post to the list so
> > everyone can free themselves of this vulnerability.  Root in under 15
> > seconds with an account on the machine.  If you need the 'sploit, please
> > mail me here and I'll send it to you.  I verified it on FBSD, NetBSD,
> > Linux so far...
> >
> > TIA
> >
> > Charles
>
> It's real - and the fix is two lines inserted in the sighup() handler:
>
> setgid(RealGid);
> setuid(RealUid);
>
> prior to the exec call.
>
> --
> Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
> http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
> 			     | 33 Analog Prefixes, 13 ISDN, Web servers $75/mo
> Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
> Fax:   [+1 312 248-9865]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
>
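
The privilege drop described in the quoted reply (setgid, then setuid, before the exec call), written out as an added example; it is not code from this thread or from the sendmail source. The function names are hypothetical, and getuid()/getgid() stand in for the RealUid/RealGid variables mentioned above. It also checks every return value and confirms that the old effective ids cannot be restored.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently drop to the real uid/gid of the
 * invoking user. Returns 0 on success, -1 if any step fails. */
int drop_to_real_ids(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* A setuid-root program started by an ordinary user may still hold
     * supplementary groups worth shedding; only root may change them. */
    if (old_euid == 0 && ruid != 0 && setgroups(1, &rgid) != 0)
        return -1;

    /* Group first: once the uid is dropped the process no longer has
     * the privilege to change its gid. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Verify the result instead of trusting the calls. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* If we really held other ids, getting them back must now fail. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Hypothetical re-exec path: refuse to exec at all if the drop failed. */
int reexec_unprivileged(char *const argv[])
{
    if (drop_to_real_ids() != 0)
        return -1;
    execv(argv[0], argv);
    return -1; /* reached only when execv() itself failed */
}

int main(void)
{
    int rc = drop_to_real_ids();
    printf("drop=%d uid=%ld euid=%ld gid=%ld egid=%ld\n", rc,
           (long)getuid(), (long)geteuid(), (long)getgid(), (long)getegid());
    return rc == 0 ? 0 : 1;
}
```

The restore check relies on setuid() called with effective uid 0 clearing the saved set-user-ID as well, which is the setuid-root case this thread is about.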
