Bugtraq mailing list archives
one smail bug
From: dan () dan com (dan)
Date: Fri, 7 Oct 1994 08:38:11 -0500
Saw this one elsewhere and don't think it was crossposted to here or security groups yet:

From: martin2 () sueton ida ing tu-bs de (Martin Bartosch)
Subject: Security hole in smail - be careful!
Followup-To: comp.os.linux.misc
Summary: Security hole in smail.
Keywords: security hole, smail, debugging
Reply-To: martin () koma escape de
Organization: TU Braunschweig, Informatik (Bueltenweg), Germany
Date: Thu, 6 Oct 1994 14:57:37 GMT

Hi,

last night I discovered a potential danger to all sites that run smail. A quick check on some other sites (thanks to the folks on #linux) revealed that most systems are affected by this.

Essentially, the smail bug will allow ordinary users to create files anywhere they want to:

Assume /usr/lib/sendmail is a softlink to /usr/bin/smail.

    $ /usr/lib/sendmail -d -D/etc/i_am_broken noone@universe
    $ ls -l /etc/i_am*

Be aware of this. Some sites even come up with permissions rw-rw-rw-!

This behaviour is not affected by -smtp-debug.

Just my $0.02.

Martin.

--
Dan
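Added example, not part of the original post and not smail source code: one way a privileged mailer can honour a user-supplied debug file path without letting the user create files anywhere. It assumes the cause is a set-uid program opening the -D path with its elevated identity (the post does not show the code); the function name and the default file name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not smail code): open a debug file named by the
 * invoking user from a set-uid/set-gid program, using the invoker's own
 * identity for the permission check. Returns an fd, or -1 with errno set. */
int open_debug_file_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, err;

    /* Drop the effective ids to the real ids, group first. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno;
        (void)setegid(saved_egid);
        errno = err;
        return -1;
    }

    /* O_EXCL: only ever create a new file; it also makes open() fail if
     * the last path component is a symlink. 0600: never rw-rw-rw-. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_APPEND, 0600);
    err = errno;

    /* Regain the saved ids; if that fails, do not hand back the fd. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_debug_file_as_invoker(argc > 1 ? argv[1] : "smail-debug.log");
    if (fd < 0) {
        perror("debug file refused");
        return 1;
    }
    close(fd);
    return 0;
}
```

With this pattern a path such as /etc/i_am_broken is refused for an ordinary user, because the open is checked against that user's own permissions.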