Bugtraq mailing list archives
Re: CERT Alert on new sendmail bug - any info?
From: fitz () wang com (Tom Fitzgerald)
Date: Fri, 18 Aug 1995 13:54:58 EDT
I just got the new sendmail bug alert from CERT, and of course it may affect my configuration - which leads to the question, does anybody know what the problem is so I can temporarily defend my system?
I don't have any real information, but my guess is that this is the same problem as [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995, and that use of smrsh is an excellent defense against the bug. 8lgm hasn't published an exploit for this problem, even though they said they passed the exploit on to CERT over three months ago. It's a shame to have to give up IDA.... V8 doesn't do username-hiding nearly as well. -- Tom Fitzgerald 1-508-967-5278 Wang Labs, Billerica MA, USA fitz () wang com
Current thread:
- SSL message broken That Whispering Wolf... (Aug 16)
- Re: SSL message broken Mark (Aug 17)
- Re: SSL message broken That Whispering Wolf... (Aug 17)
- Re: SSL message broken Perry E. Metzger (Aug 17)
- CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Tom Fitzgerald (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Karl Strickland (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Ben Golding (Aug 20)
- Re: CERT Alert on new sendmail bug - any info? Neil Woods (Aug 18)
- Re: CERT Alert on new sendmail bug - any info? Dr. Frederick B. Cohen (Aug 18)
- Re: SSL message broken Mark (Aug 17)
- Re: SSL message broken Scott McClung (Aug 18)