From owner-freebsd-hackers Sat Nov 16 16:55:29 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA01232 for hackers-outgoing; Sat, 16 Nov 1996 16:55:29 -0800 (PST) Received: from chaos.ecpnet.com (raistlin@chaos.ecpnet.com [204.246.64.13]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA01227; Sat, 16 Nov 1996 16:55:26 -0800 (PST) Received: from localhost (raistlin@localhost) by chaos.ecpnet.com (8.8.2/8.7.3) with SMTP id SAA01881; Sat, 16 Nov 1996 18:56:48 -0600 Date: Sat, 16 Nov 1996 18:56:47 -0600 (CST) From: Justen Stepka To: "S(pork)" cc: freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: New sendmail bug... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, 16 Nov 1996, S(pork) wrote: > It's nasty and easy... If you're on Bugtraq, you saw it. If anyone with > more knowledge on this issue can check it out, please post to the list so > everyone can free themselves of this vulnerability. Root in under 15 > seconds with an account on the machine. If you need the 'sploit, please > mail me here and I'll send it to you. I verified it on FBSD, NetBSD, > Linux so far... > > TIA > > Charles > I tested this on FBSD and I couldn't get it to work. Though when I tried it on Linux it worked in about 10 second :(, currently I have disabled accounts on my machines until I fix the problem. ------------------------------------------------------------------------------ Justen Stepka | http://www.ecpnet.com/~raistlin Network Administrator | "This space for rent" raistlin@ecpnet.com | 3.0-CURRENT FreeBSD 3.0-CURRENT ------------------------------------------------------------------------------