Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_4

Bugtraq archives for 4th quarter (Oct-Dec) 1995: Re: Sendmail 8.7, 8.7.1

Re: Sendmail 8.7, 8.7.1

Andrew Cameron (andrewandy.alt.za)
Tue, 10 Oct 1995 21:17:33 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jay 'Whip' Grizzard: "Netscape problems (again)..."
Previous message: SnoCrash: "Re: Sendmail 8.7, 8.7.1"
In reply to: Casper Dik: "Re: Sendmail 8.7, 8.7.1"

On Tue, 10 Oct 1995, Casper Dik wrote:

> >Who knows what the root-shell-giving security hole is in Sendmail 8.6.12
> >that was incompletely patched in 8.7, and (supposedly) finally patched
> >in 8.7.1?
>
> It's just syslog() overruning the stack again.  There's also another problem
> which causes the datas segment to be overrun, but that's not as easy
> to abuse (if at all).
>
> Casper
>
When is someone going to make the code available to verify the Syslog bug
for Sunos 4.1.3

I have a person at work who refuses to apply the patches to his Sunos
System until we can prove to him that a bug exists.

-----------------------------------------------------------------------------

Andrew Cameron
Internet : andrewandy.alt.za
X.400    : C=ZA G=Andrew S=Cameron Admd=TELKOM400

----------------------------------------------------------------------------

Next message: Jay 'Whip' Grizzard: "Netscape problems (again)..."
Previous message: SnoCrash: "Re: Sendmail 8.7, 8.7.1"
In reply to: Casper Dik: "Re: Sendmail 8.7, 8.7.1"