Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_4

Bugtraq archives for 4th quarter (Oct-Dec) 1995: Sendmail 8.6.12 hole & smrsh

Sendmail 8.6.12 hole & smrsh

Janis Lacis (janisMII.LU.LV)
Thu, 12 Oct 1995 14:01:09 -0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Casper Dik: "Re: Sendmail 8.6.12 hole & smrsh"
Previous message: Frank Stuart: "Re: Netscape problems (again)..."
Next in thread: Casper Dik: "Re: Sendmail 8.6.12 hole & smrsh"

>Who knows what the root-shell-giving security hole is in Sendmail 8.6.12
>that was incompletely patched in 8.7, and (supposedly) finally patched
>in 8.7.1?

I wonder if the attack is still possible if there is a "smrsh" shell
installed instead of "sh" in sendmail.cf ?

--     Janis Lacis, LATNET administrator,
  Institute of Mathematics
           and Computer Science,
  University of Latvia
  Rainis boulevard 29, Riga                Phone: +3712-212427
  LV-1459,Latvia                             Fax: +3718-820153
                   E-mail: janismii.lu.lv
==========================================================================

Next message: Casper Dik: "Re: Sendmail 8.6.12 hole & smrsh"
Previous message: Frank Stuart: "Re: Netscape problems (again)..."
Next in thread: Casper Dik: "Re: Sendmail 8.6.12 hole & smrsh"