Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Bugtraq: Re: Sendmail 8.7, 8.7.1

Re: Sendmail 8.7, 8.7.1

From: Andrew Cameron <andrew_at_andy.alt.za>
Date: Tue, 10 Oct 1995 21:17:33 +0200

On Tue, 10 Oct 1995, Casper Dik wrote:

> >Who knows what the root-shell-giving security hole is in Sendmail 8.6.12
> >that was incompletely patched in 8.7, and (supposedly) finally patched
> >in 8.7.1?
>
> It's just syslog() overruning the stack again. There's also another problem
> which causes the datas segment to be overrun, but that's not as easy
> to abuse (if at all).
>
> Casper
>
When is someone going to make the code available to verify the Syslog bug
for Sunos 4.1.3

I have a person at work who refuses to apply the patches to his Sunos
System until we can prove to him that a bug exists.

-----------------------------------------------------------------------------

Andrew Cameron
Internet: andrew_at_andy.alt.za
X.400: C=ZA G=Andrew S=Cameron Admd=TELKOM400

----------------------------------------------------------------------------
Received on Oct 10 1995

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]