Bugtraq mailing list archives
Re: SM 8.6.12
From: maf () net ohio-state edu (Mark A. Fullmer)
Date: Thu, 13 Jul 1995 10:02:02 -0400
Nathan Lawson writes:

> I would like to know if anyone has heard of the newest holes in sendmail 8.6.12. My details are sketchy, but once again, there is a remote, as well as local hole. Sendmail is convenient; convenience is evil!

A few weeks ago at the Cisco Networkers conference Bill Cheswick hinted at a new found sendmail security problem in 8.6.12 which Eric had fixed in 8.7. The 8.7 release notes contain:

    SECURITY: avoid denial-of-service attacks possible by destroying the alias database file by setting resource limits low. This involves adding two new compile-time options: HASSETRLIMIT (indicating that setrlimit(2) support is available) and HASULIMIT (indicating that ulimit(2) support is available -- the Release 3 form is used). The former is assumed on BSD-based systems, the latter on System V-based systems. Attack noted by Phil Brandenberger of Swarthmore University.

Is this the problem, or is it worse? Eric?

--
mark
maf+ () osu edu
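Added example, not part of the original post and not sendmail's code: a C sketch of the failure mode the quoted release note describes and of resetting the limit before writing, assuming the limit involved is the file-size limit (RLIMIT_FSIZE), which a process inherits from whoever invokes it. The function names, the scratch path and the byte counts are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Raise the soft file-size limit to the hard limit. A process running as
 * root could raise the hard limit as well; this sketch stays unprivileged. */
static int reset_fsize_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_FSIZE, &rl) != 0)
        return -1;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_FSIZE, &rl);
}

/* Write `want` bytes (at most 4096) to a scratch file while a constructed
 * soft limit of `cap` bytes stands in for one inherited from the invoking
 * user. Returns the number of bytes that actually reached the file. */
static long write_under_limit(size_t want, rlim_t cap, int reset_first)
{
    static const char buf[4096];       /* zero-filled stand-in for the data */
    char path[] = "/tmp/rlimit-demo-XXXXXX";
    struct rlimit saved, low;
    ssize_t n;
    int fd;

    if (want > sizeof buf || getrlimit(RLIMIT_FSIZE, &saved) != 0 ||
        (fd = mkstemp(path)) < 0)
        return -1;
    signal(SIGXFSZ, SIG_IGN);          /* default action would kill the process */
    low = saved;
    low.rlim_cur = cap;
    setrlimit(RLIMIT_FSIZE, &low);     /* the low limit chosen by the caller */
    if (reset_first)
        reset_fsize_limit();           /* hardened start-up step */
    n = write(fd, buf, want);          /* short count or EFBIG at the limit */
    close(fd);
    unlink(path);
    setrlimit(RLIMIT_FSIZE, &saved);   /* restore the original limit */
    return n < 0 ? 0 : (long)n;
}

int main(void)
{
    printf("limit kept:  %ld bytes\n", write_under_limit(4096, 1000, 0));
    printf("limit reset: %ld bytes\n", write_under_limit(4096, 1000, 1));
    return 0;
}
```

Without the reset the write stops at the inherited limit and the file is left short, which for a database rebuilt in place means a damaged file; with the reset the full 4096 bytes are written.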