[supinfo at caldera.com: Security Update [CSSA-2001-032.0] Linux - sendmail instant root exploit]

Thomas -Balu- Walter tw at itreff.de
Sat Aug 25 03:27:10 PDT 2001


Actually this is the final reason for me to switch to qmail...

I was kinda satisfied with sendmail over the last years, since no bugs
were found - now I am proved wrong...

Thank god I am playing with qmail for some weeks now.

http://www.securityfocus.com/templates/article.html?id=244

     Ba-:(-lu

----- Forwarded message from Caldera Support Info <supinfo at caldera.com> -----

From: Caldera Support Info <supinfo at caldera.com>
To: announce at lists.caldera.com, bugtraq at securityfocus.com,
        linux-security at redhat.com, linuxlist at securityportal.com
Subject: Security Update [CSSA-2001-032.0] Linux - sendmail instant root exploit
Date: Fri, 24 Aug 2001 13:57:21 -0600
User-Agent: Mutt/1.2.5i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		Linux - sendmail instant root exploit
Advisory number: 	CSSA-2001-032.0
Issue date: 		2001, August 24
Cross reference:
______________________________________________________________________________


1. Problem Description

   Sendmail contains an input validation error, so local users may be
   able to write arbitrary data to process memory, possibly allowing the
   execution of code/commands with elevated privileges. This allows
   a local attacker to gain access to the root account.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                 not vulnerable                

...
-- 
Unsubscribe: send email to lfs-security-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message



More information about the lfs-security mailing list