From: Chris Samaritoni (chris_at_tierra.net)
Date: Mon Mar 03 2003 - 13:39:00 CST
At 09:11 AM 3/3/2003 -0800, FreeBSD Security Advisories wrote:
>III. Impact
>
>A remote attacker could create a specially crafted message that may
>cause sendmail to execute arbitrary code with the privileges of the
>user running sendmail, typically root. The malicious message might be
>handled (and therefore the vulnerability triggered) by the initial
>sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail
>process. Exploiting this defect is particularly difficult, but is
>believed to be possible.
Question, I have some systems that don't run any sendmail daemons, but
local users that have scripts that run sendmail to send messages. I'm not
familiar with how running sendmail from the command line would differ, but
would this also be affected by this bug, in which case wouldn't this also
make it a local compromise as well? I'm just looking for clarification.
Thanks,
Chris Samaritoni
TierraNet Inc.
chris_at_tierra.net