Re: OOPS - the wrapper fails

[rafi () tavor openu ac il (Rafi Sadowsky)]

On Fri, 24 Feb 1995, Dr. Frederick B. Cohen wrote:

> Well, here we go again - with the wrapper in place, the attack managed
> to place a file in my /tmp directory (owned by user nobody).  I sure
> wish I had the source to this attack so I could try to fix it myself.
>
> If anyone has a better fix - let me know ASAP
> FC
sure which you would specify which attack you're talking about ...
if it is the AUTH/IDENT remote one I don't the the wrapper addresses that 
problem ...
(from the source it seems to address problem with local users & ENV 
variables - is that the kind of attack you're trying ? )

also what version of sendmail are your using ?

also maybe a more appropriate place for this would be bugtraq
(so I'll cross post - even though I hate it.. ) since we're talking about 
unix bug - which does have a relation to firewalls but IMHO it's not the 
right place ( and also has a non full disclosure policy )

Enjoy,
        Rafi


-- 
Rafi Sadowsky                                   rafi () tavor openu ac il
[postmaster () openu ac il]                        FAX: +972-3-6460483