Bugtraq mailing list archives

Re: SM 8.6.12

From: eric () CS Berkeley EDU (Eric Allman)
Date: Sun, 16 Jul 1995 09:25:17 +0100


Frankly, I would like to know myself.  I haven't spoken to Ches
about it -- perhaps I'll find someone who knows something about
this at IETF next week.

eric


Re:
: From:  "Mark A. Fullmer" <maf () net ohio-state edu>
: Subject:  Re: SM 8.6.12
: Date:  Thu, 13 Jul 1995 10:02:02 -0400 (EDT)

: Nathan Lawson writes:
: >
: >I would like to know if anyone has heard of the newest holes in sendmail 8.6
.12.
: >My details are sketchy, but once again, there is a remote, as well as local
: >hole.
: >
: >Sendmail is convenient; convenience is evil!
:
: A few weeks at the Cisco Networkers conference Bill Cheswick hinted at
: a new found sendmail security problem in 8.6.12 which Eric had fixed in 8.7.
:
: The 8.7 release notes contain:
:
:     SECURITY: avoid denial-of-service attacks possible by destroying
:         the alias database file by setting resource limits low.
:         This involves adding two new compile-time options:
:         HASSETRLIMIT (indicating that setrlimit(2) support is
:         available) and HASULIMIT (indicating that ulimit(2) support
:         is available -- the Release 3 form is used).  The former
:         is assumed on BSD-based systems, the latter on System
:         V-based systems.  Attack noted by Phil Brandenberger of
:         Swarthmore University.
:
: Is this the problem, or is it worse?  Eric?
:
: --
: mark
: maf+ () osu edu
:

Current thread:

Re: Exploit for Linux wu.ftpd hole, (continued)
- - - Re: Exploit for Linux wu.ftpd hole Nathan Lawson (Jul 09)
  - Re: Exploit for Linux wu.ftpd hole Michael Shields (Jul 06)
    - Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 07)
- Why are we using priveleged images / state so much? (Was Re: Paul Robinson (Jul 06)
  - Re: Why are we using priveleged images / state so much? (Was Re: Dr. Frederick B. Cohen (Jul 06)
  - Details of linux select(2) bug? Karl Strickland (Jul 07)
  - SM 8.6.12 Nathan Lawson (Jul 08)
    - Re: SM 8.6.12 Karl Strickland (Jul 08)
    - Re: SM 8.6.12 Christopher A. Stewart (Jul 11)
    - Re: SM 8.6.12 Mark A. Fullmer (Jul 13)
    - Re: SM 8.6.12 Eric Allman (Jul 16)
    - inetd probs Mark (Jul 17)
    - Re: SM 8.6.12 Pat The Friendly RedNeck (Jul 17)
    - Re: SM 8.6.12 System Administrator (Jul 18)
    - ANNOUNCEMENT: Ssh (Secure Shell) remote login program Kayvan Sylvan (Jul 18)
    - HP bomb barded my email with it FAQ (fwd) Dr. Frederick B. Cohen (Jul 19)
    - Re: HP bomb barded my email with it FAQ (fwd) Allen J. Newton (Jul 20)
- Re: Exploit for Linux wu.ftpd hole Stan Barber (Jul 05)
- Re: Exploit for Linux wu.ftpd hole John Adams (Jul 05)
  - Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
    - Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)

(Thread continues...)