Bugtraq mailing list archives
Re: SM 8.6.12
From: eric () CS Berkeley EDU (Eric Allman)
Date: Sun, 16 Jul 1995 09:25:17 +0100
Frankly, I would like to know myself.  I haven't spoken to Ches about
it -- perhaps I'll find someone who knows something about this at IETF
next week.

eric

Re:
: From: "Mark A. Fullmer" <maf () net ohio-state edu>
: Subject: Re: SM 8.6.12
: Date: Thu, 13 Jul 1995 10:02:02 -0400 (EDT)
:
: Nathan Lawson writes:
: >
: >I would like to know if anyone has heard of the newest holes in sendmail 8.6.12.
: >My details are sketchy, but once again, there is a remote, as well as local
: >hole.
: >
: >Sendmail is convenient; convenience is evil!
:
: A few weeks at the Cisco Networkers conference Bill Cheswick hinted at
: a new found sendmail security problem in 8.6.12 which Eric had fixed in 8.7.
:
: The 8.7 release notes contain:
:
:     SECURITY: avoid denial-of-service attacks possible by destroying
:         the alias database file by setting resource limits low.
:         This involves adding two new compile-time options:
:         HASSETRLIMIT (indicating that setrlimit(2) support is
:         available) and HASULIMIT (indicating that ulimit(2) support
:         is available -- the Release 3 form is used).  The former
:         is assumed on BSD-based systems, the latter on System
:         V-based systems.  Attack noted by Phil Brandenberger of
:         Swarthmore University.
:
: Is this the problem, or is it worse?  Eric?
:
: --
: mark
: maf+ () osu edu
:
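The 8.7 release note quoted in this message describes a program inheriting low resource limits from its caller and then damaging a database file it rewrites. As an added example (not sendmail's code and not part of the original message), the C below shows the setrlimit(2) side of that defence: lift inherited limits at startup and refuse to rewrite a file that could not be written in full. The function names and the choice of RLIMIT_FSIZE and RLIMIT_CPU are assumptions; the release note says only "resource limits".

```c
/* Added illustration, not sendmail source. All function names are hypothetical. */
#include <sys/resource.h>

/* Raise one inherited limit as far as this process is permitted.
 * Returns 0 on success, -1 on failure. */
static int raise_limit(int resource)
{
    struct rlimit rl;

    if (getrlimit(resource, &rl) != 0)
        return -1;

    /* A privileged process (e.g. one running set-uid root) may lift
     * the hard limit too, undoing whatever the caller set. */
    struct rlimit want = { RLIM_INFINITY, RLIM_INFINITY };
    if (setrlimit(resource, &want) == 0)
        return 0;

    /* Without privilege, the best available is soft = hard. */
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(resource, &rl);
}

/* Call once at startup, before any database file is opened for writing.
 * Assumption: file size and CPU time are the limits worth resetting. */
int reset_inherited_limits(void)
{
    int rc = 0;

    if (raise_limit(RLIMIT_FSIZE) != 0)
        rc = -1;
    if (raise_limit(RLIMIT_CPU) != 0)
        rc = -1;
    return rc;
}

/* Returns 1 if a file of `needed` bytes fits under the current
 * RLIMIT_FSIZE soft limit, 0 if the write would be cut short. */
int can_write_fully(unsigned long long needed)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_FSIZE, &rl) != 0)
        return 0;
    return rl.rlim_cur == RLIM_INFINITY ||
           (unsigned long long)rl.rlim_cur >= needed;
}
```

Checking can_write_fully() after the reset matters when the process lacks the privilege to lift a hard limit: the safe outcome is to leave the existing file untouched rather than start a rewrite that cannot finish.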