Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: Sendmail 8.7, 8.7.1

Re: Sendmail 8.7, 8.7.1

From: Casper Dik <casper_at_Holland.Sun.COM>
Date: Tue, 10 Oct 1995 09:14:51 +0100

>Who knows what the root-shell-giving security hole is in Sendmail 8.6.12
>that was incompletely patched in 8.7, and (supposedly) finally patched
>in 8.7.1?

It's just syslog() overruning the stack again. There's also another problem
which causes the datas segment to be overrun, but that's not as easy
to abuse (if at all).

Casper
Received on Oct 10 1995

This message: [ Message body ]
Next message: SnoCrash: "Re: Sendmail 8.7, 8.7.1"
Previous message: Charles Howes: "Sendmail 8.7, 8.7.1"
In reply to: Charles Howes: "Sendmail 8.7, 8.7.1"
Next in thread: SnoCrash: "Re: Sendmail 8.7, 8.7.1"
Reply: SnoCrash: "Re: Sendmail 8.7, 8.7.1"
Reply: Andrew Cameron: "Re: Sendmail 8.7, 8.7.1"
Reply: Jay 'Whip' Grizzard: "Netscape problems (again)..."
Reply: Bernd Lehle: "s-bits disappear ?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]