Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_1

Bugtraq archives for 1st quarter (Jan-Mar) 1994: Security problem in sendmail versions 8.x.x

Security problem in sendmail versions 8.x.x

Benjamin Cline (mithrilathena.com)
Tue, 15 Mar 94 14:35:49 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Harry Mantakos: "Re: so..."
Previous message: Bob Manson: "Re: Sendmail hole"
Next in thread: Greg Woods: "Re: Security problem in sendmail versions 8.x.x"

This showed up in my mailbox last night. Anyone know any details?

	benjamin

Begin forwarded message:

From: Izumi Ohzawa <izumipinoko.berkeley.edu>
Date: Mon, 14 Mar 1994 16:58:06 -0800
To: next-managersstolaf.edu
Subject: Security problem in sendmail versions 8.x.x
Reply-To: izumipinoko.berkeley.edu
Precedence: bulk


FYI,
If you are running sendmail 8.x.x, you should take note of the
following posting, and get version 8.6.7 ASAP.
NeXT's sendmail version 5.67e doesn't have the bug, and is the
version you should be using if you are sticking with NeXT's.

To find what version of sendmail a host is running, do:
"telnet hostname 25", then type 'quit'.

Izumi Ohzawa

---------------------------------------------------------------
>From: ericCS.Berkeley.EDU (Eric Allman)
>Newsgroups: comp.mail.sendmail,comp.security.unix
>Subject: sendmail 8.6.7 released
>Date: 14 Mar 1994 17:52:56 GMT
>Organization: UC Berkeley Mammoth Project
>Message-Id: <2m289o$creagate.berkeley.edu>
>
>I regret that someone reported a nasty security problem to me less
>that 24 hours after I released sendmail 8.6.6.  This bug is present
>in all sendmail version 8 versions prior to 8.6.7, as well as in
>many vendor versions.  It does not exist in IDA sendmail.  I urge
>you to upgrade before the cracker scripts start circulating around
>the network.  Sorry for the inconvenience -- I only heard about this
>an hour ago myself.
>
>Sendmail 8.6.7 is available on FTP.CS.Berkeley.EDU in /ucb/sendmail.
>
>eric

-------------------- THE FOLLOWING IS ADDED AUTOMATICALLY --------------------
NeXT-Managers is a self-moderated list.  Please be considerate of the agreed
policies: send replies to original author only, who will summarize responses;
do not send NeXT-Mail postings; time-critical requests only.  A searchable
archive of next-managers postings is available from "gopher.stolaf.edu"
in "Internet Resources/St. Olaf Sponsored Mailing Lists/NeXT-Managers"

Send questions and requests to:		next-managers-requeststolaf.edu

Next message: Harry Mantakos: "Re: so..."
Previous message: Bob Manson: "Re: Sendmail hole"
Next in thread: Greg Woods: "Re: Security problem in sendmail versions 8.x.x"