[supinfo at caldera.com: Security Update [CSSA-2001-032.0] Linux - sendmail instant root exploit]
jjones at darkside.dynup.net
Sat Aug 25 09:36:06 PDT 2001
On Sat, Aug 25, 2001 at 12:27:10PM +0200, Thomas -Balu- Walter spat:
> Actually this is the final reason for me to switch to qmail...
> I was kinda satisfied with sendmail over the last years, since no bugs
> were found - now I am proved wrong...
> Thank god I am playing with qmail for some weeks now.
> 1. Problem Description
> Sendmail contains an input validation error, so local users may be
> able to write arbitrary data to process memory, possibly allowing the
> execution of code/commands with elevated privileges. This allows
> a local attacker to gain access to the root account.
Have you tried the exploit(s)? They aren't working here. Oh, and BTW,
SuSE's announcements are better than Caldera's. :)
I realize this is an actual bug, but it seems a lot of hypotheticalness
(is that a word?) is involved with a lot of these "security" issues,
sorta like the mktemp/tempnam stuff.