|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Claus Assmann (ca+bugtraq
ZARDOC.ENDMAIL.ORG)Date: Fri Feb 23 2001 - 15:41:01 CST
On Thu, Feb 22, 2001, securityTURBOLINUX.COM wrote:
I've sent yesterday an e-mail to securityTURBOLINUX.COM but got
no reply up to now. So I'll try it here.
> Vulnerable Packages: All versions previous to 8.11.2-5
> Date: 02/21/2001 5:00 PDT
> TurboLinux Advisory ID#: TLSA2001003-1
> 2. Impact
>
> A user can gain root privileges.
Does TurboLinux have any proof for this claim or is it just a guess?
If the former: why has sendmail-securitysendmail.org not been contacted?
If the latter: why isn't this explicitly stated here?
BTW: Another advisory (TLSA2000013-1) from TurboLinux also made a
wrong claim about sendmail. It would be nice to be more careful.
PS: The segfault problem has been fixed in 8.11.2 as the RELEASES_NOTES
clearly say.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOpbY7c8etQMiMnoBAQGKHAQAucArg5oKoKnKWog216WLMBroxuhry2dy
yG5CKrMhq6TL3UShdPLix83UNbd0IY+iTCp3fj/IjaygLDdR6WfYXH8ZmY3F4Nj/
2b3CFuvSOgUC2V6FfvHQOon+LC2s/u18zfQ/+vGzFWGBcPZdvrUx5ruhZwnhuol7
q9RXs/We+e0=
=ppga
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]