Sendfile daemon bugs

[psheep () hushmail com]

I have attached two simple scripts which exploit vulnerabilities which exist 
in the some versions of the Sendfile daemon, both allow a local attacker 
to gain superuser privileges.

The bug exploited by sfdfwd.sh was supposed to have been fixed by the patches 
provided in Debian Security Advisory DSA-050-1 and then DSA-052-1 and was 
reported by Colin Phipps in November 2000, somehow it has still not been 
fixed.  The second bug has been reported (without any success) to Debian,
 it is the result of a serialization error combined with a lack of error 
checking.

Anyone using this package should download the most recent copy of the source 
code directly from the author's site and manually compile it, or apply the 
patch used in Debian-unstable (sendfile_2.1-25).  Up-to-date copies of the 
source can be obtained from ftp://ftp.belwue.de/pub/unix/sendfile/current

Free, encrypted, secure Web-based email at www.hushmail.com

Attachment: sfdfwd.sh
Description:

Attachment: sfdnfy.sh
Description: