Bugtraq mailing list archives

Re: Remote exploit in sendmail 8.8.0

From: alain.magloire () rcsm ee mcgill ca (Alain Magloire)
Date: Thu, 17 Oct 1996 12:40:28 -0400


There is a serious bug in the mime7to8() function of sendmail 8.8.0
which allows anyone who can send you mail to execute arbitrary code as
root on your machine.  I think mime7to8() only gets invoked if you set
the undocumented "9" mailer flag.  However, this flag is set by
default in the cf/mailer/local.m4 file that ships with sendmail
8.8.0.  Thus, if you are using an old V6 format configuration file
from sendmail 8.7, you are probably safe, but if you generated a new
V7 configuration file, you are probably vulnerable to this bug.


 From the READ_ME
MIME7TO8        If non-zero, include 7 to 8 bit MIME conversions.  Not yet
                implemented.

How about to simply recompile with
-DMIME7TO8=0

?

--
alain

Current thread:

Remote exploit in sendmail 8.8.0 John Anonymous MacDonald (Oct 16)
- Re: Remote exploit in sendmail 8.8.0 Alain Magloire (Oct 17)
- <Possible follow-ups>
- Re: Remote exploit in sendmail 8.8.0 Thomas Roessler (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 Dave Hayes (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 D. J. Bernstein (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 Daniel S. Riley (Oct 18)
- Re: Remote exploit in sendmail 8.8.0 Steven L Baur (Oct 18)