Bugtraq mailing list archives

Re: OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail

From: George Capehart <gwc () acm org>
Date: Thu, 29 Jul 2004 18:07:08 -0400

On Wednesday 28 July 2004 16:10, please_reply_to_security () sco com 
allegedly wrote:

_____________________________________________________________________
_________

                      SCO Security Advisory

Subject:              OpenServer 5.0.6 OpenServer 5.0.7 : Multiple
Vulnerabilities in Sendmail Advisory number:  SCOSA-2004.11
Issue date:           2004 July 28
Cross reference:      sr876461 fz527630 erg712277 CAN-2003-0161 CA-2003-12
                      sr884730 fz528323 erg712435 CAN-2003-0694 CA-2003-25
_____________________________________________________________________
_________


1. Problem Description

      CERT Advisory CA-2003-12

      There is a vulnerability in sendmail that can be exploited
      to cause a denial-of-service condition and could allow a
      remote attacker to execute arbitrary code with the privileges
      of the sendmail daemon, typically root.


This advisory was issued on March 29, 2003.  That was /*sixteen*/ MONTHS 
ago . . . C'mon, guys!

-- 
George W. Capehart

Key fingerprint:  3145 104D 9579 26DA DBC7  CDD0 9AE1 8C9C DD70 34EA

"With sufficient thrust, pigs fly just fine."  -- RFC 1925

Current thread:

OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail please_reply_to_security (Jul 29)
- Re: OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail George Capehart (Jul 30)