Bugtraq mailing list archives
Re: Sendmail 8.7, 8.7.1
From: spew () J51 COM (SnoCrash)
Date: Tue, 10 Oct 1995 15:13:19 -0400
On Tue, 10 Oct 1995, Casper Dik wrote:
Who knows what the root-shell-giving security hole is in Sendmail 8.6.12 that was incompletely patched in 8.7, and (supposedly) finally patched in 8.7.1?

It's just syslog() overrunning the stack again. There's also another problem which causes the data segment to be overrun, but that's not as easy to abuse (if at all).
There also seems to be some sort of problem with body types. The following is quoted from the Sendmail 8.7.1 RELEASE_NOTES file:

"Fix a problem that might cause a non-standard -B (body type) parameter to be passed to the next server with undefined results. This could have security implications."

Anyone have a clue as to what these "Security Implications" are? The patch included follows... pretty easy to understand.

<begin patch to src/main.c> *************** *** 789,795 **** else if (strcasecmp(CurEnv->e_bodytype, "8BITMIME") == 0) SevenBitInput = FALSE; else ! usrerr("Illegal body type %s", optarg); /* Enforce use of local time (null string overrides this) */ if (TimeZoneSpec == NULL) --- 789,798 ---- else if (strcasecmp(CurEnv->e_bodytype, "8BITMIME") == 0) SevenBitInput = FALSE; else ! { ! usrerr("Illegal body type %s", CurEnv->e_bodytype); ! CurEnv->e_bodytype = NULL; ! } /* Enforce use of local time (null string overrides this) */ if (TimeZoneSpec == NULL) <end patch>

I haven't had time to play around with body types yet. Although this bug seems to be patched, we can never be sure with sendmail. :)
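Review bot: The new else block resets CurEnv->e_bodytype to NULL with no comment explaining why, and nothing in the hunk shows that later readers of the field tolerate NULL. The context line strcasecmp(CurEnv->e_bodytype, "8BITMIME") passes the field straight to a string function, so any code that runs after this point and does the same needs a NULL check; a one-line comment tying the reset to the release note (do not forward a non-standard -B value to the next server) would document the intent. The rejected value is also still echoed through a bare %s in usrerr("Illegal body type %s", CurEnv->e_bodytype); since it is caller-supplied, a bounded conversion such as %.40s would keep the message length fixed.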