|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Crispin Cowan (crispin
wirex.com)Date: Thu Jan 17 2002 - 15:59:54 CST
Rick Troxel wrote:
>Since previous messages in this list have indicated that Immunix 7.0 can
>still be vulnerable to some buffer overflows, I feel I must ask the
>following. Can someone confirm or deny that pine-4.33-7_imnx and
>sudo-1.6.3p6-1_imnx_1 are not vulnerable to the buffer overflow attacks
>documented in, for instance, RedHat Security Advisories RHSA-2002:009-06
>and RHSA-2002:013-03?
>
Pine is not on official support for Immunix; it is in our "unsup"
collection, because it is not a core part of a server. This means that
an advisory is likely to come out sooner or later, but it's not a priority.
FYI, from my read of the Pine advisory, it is not a buffer overflow. It
is just bad logic.
Sudo is supported, and we should have an advisory out soon.
Coordination between me and Seth is problematic, as I'm on the road at
the moment.
As with Pine, the sudo vulnerability is not a buffer overflow, it is bad
logic. Apparently sudo may invoke "sendmail" (whatever MTA you have
configured to act as "sendmail") to notify of bad password sudo
attempts. This becomes a vulnerability, because sudo does not clean up
the user's environment variables before invoking "sendmail". Thus the
attacker might be able to set an environment variable that the MTA
responds to in an unfortunate way.
Caveat: the RHSA sudo advisory that I have is 2002:011-06, not 013-03.
Not sure what 013-03 is.
Crispin
-- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html_______________________________________________ Immunix-users mailing list Immunix-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]