Bugtraq mailing list archives

Re: Sendmail 8.8.x/8.9.x bugware

From: john () RESOLUTE COM (John Mizzi)
Date: Sun, 17 Jan 1999 22:04:06 -0800


Would disabling redirection take care of the problem as well ?


John
Alan Brown once said


On Sat, 12 Dec 1998, Michal Zalewski wrote:

Bottoms up! Two bugs (and fixes) - Sendmail 8.8.x/8.9.x.


Michal, have you tested these against sendmail 8.9.2?

There's mention in the Change log of a few obscure redirection/relaying
attack fixes for that version.

AB

Current thread:

Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Dec 11)
- Re: Sendmail 8.8.x/8.9.x bugware Alan Brown (Jan 16)
  - Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Dec 12)
    - Re: Sendmail 8.8.x/8.9.x bugware Frank Louwers (Jan 18)
    - Win95/98 SMB Authentication Vulnerability (fwd) tschweik () FIDUCIA DE (Jan 18)
  - [SECURITY] ftpwatch package has major security problems Jamie Fifield (Jan 17)
  - Michal's report and sendmail-8.9.2 GvS (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Jens Hoffmann (Jan 16)
  - Re: Sendmail 8.8.x/8.9.x bugware Alan Brown (Jan 17)
- Re: Sendmail 8.8.x/8.9.x bugware John Mizzi (Jan 17)
  - Personal web server kiborg (Jan 17)
    - Re: Personal web server Dave Pifke (Jan 18)
    - Another web-based mail reader hole Dave Pifke (Jan 18)
    - Re: Another web-based mail reader hole Peter van Dijk (Jan 19)
  - Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
  - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
    - Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
    - Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)

(Thread continues...)