From: 8lgm () bagpuss demon co uk ([8LGM] Security Team)
Date: Thu, 18 May 1995 04:06:51 +0100
This advisory has been sent to:
CERT/CC <cert () cert org>
sendmail(8) (Version 5.*)
KNOWN VULNERABLE VERSIONS:
SunOS 4.1.* up to and including patch 100377-19
IDA Sendmail V5.*
(Likely that any sendmail based on V5 is also vulnerable).
A flaw exists in versions of sendmail based on V5, which allows
users to run programs and/or append to files remotely.
The user does not require an account on that system.
Systems running V5 based sendmail are exploitable remotely.
At this time, exploit details are not available. Exploit
details will be provided on the 8lgm fileserver, at some
point in the future.
Details have been provided to ecd () cert org, in order to speed
up availability of exploit information to vulnerable vendors.
WORKAROUND & FIX:
1) Install V8 sendmail.
2) Obtain patch from vendor.
FEEDBACK AND CONTACT INFORMATION:
majordomo () 8lgm org (Mailing list requests - try 'help'
8lgm () 8lgm org (Everything else)
All [8LGM] advisories may be obtained via the [8LGM] fileserver.
For details, 'echo help | mail 8lgm-fileserver () 8lgm org'
- [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995 [8LGM] Security Team (May 18)