Re: Remote exploit in sendmail 8.8.0
Alain Magloire (alain.magloire rcsm.ee.mcgill.ca)
Thu, 17 Oct 1996 12:40:28 -0400
- In reply to: John Anonymous MacDonald: "Remote exploit in sendmail 8.8.0"
>
> There is a serious bug in the mime7to8() function of sendmail 8.8.0
> which allows anyone who can send you mail to execute arbitrary code as
> root on your machine. I think mime7to8() only gets invoked if you set
> the undocumented "9" mailer flag. However, this flag is set by
> default in the cf/mailer/local.m4 file that ships with sendmail
> 8.8.0. Thus, if you are using an old V6 format configuration file
> from sendmail 8.7, you are probably safe, but if you generated a new
> V7 configuration file, you are probably vulnerable to this bug.
>
From the READ_ME:

    MIME7TO8    If non-zero, include 7 to 8 bit MIME conversions. Not yet
                implemented.

How about simply recompiling with

    -DMIME7TO8=0

?
--
alain
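
The quoted report ties exposure to the "9" mailer flag in a V7 configuration file. As an added example (not part of either message and not sendmail project code), this script reports the configuration level and lists the mailers in a sendmail.cf whose F= field contains 9. The sample configuration is constructed for illustration; pass the text of your own file to audit().

```python
import re

# Constructed sample in sendmail.cf syntax (not taken from a real host).
SAMPLE_CF = """\
V7
Mlocal,\t\tP=/bin/mail, F=lsDFMAw5:/|@qSPfhn9, S=10/30, R=20/40,
\t\tT=DNS/RFC822/X-Unix,
\t\tA=mail -d $u
Mprog,\t\tP=/bin/sh, F=lsDFMoqeu9, S=10/30, R=20/40, D=$z:/,
\t\tA=sh -c $u
Msmtp,\t\tP=[IPC], F=mDFMuX, S=11/31, R=21, E=\\r\\n, L=990,
\t\tA=IPC $h
"""

def join_continuations(text):
    """sendmail.cf continues a line when the next one starts with whitespace."""
    logical = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        elif line and not line.startswith("#"):
            logical.append(line)
    return logical

def audit(text):
    """Return (config version level, sorted mailers whose F= field has '9')."""
    level, flagged = None, []
    for line in join_continuations(text):
        if line.startswith("V"):
            m = re.match(r"V(\d+)", line)
            level = int(m.group(1)) if m else None
        elif line.startswith("M"):
            # Mailer definition: M<name>, key=value, key=value, ...
            name, _, rest = line[1:].partition(",")
            m = re.search(r"(?:^|,)\s*F=([^,\s]*)", rest)
            if m and "9" in m.group(1):
                flagged.append(name.strip())
    return level, sorted(flagged)

if __name__ == "__main__":
    level, flagged = audit(SAMPLE_CF)
    print(f"config level V{level}; mailers with F=...9: {flagged or 'none'}")
```

Only the F= field is inspected, so a 9 elsewhere in a mailer line (for example L=990) is not reported.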