Re: Security problem in sendmail versions 8.x.x

Greg Woods (woods@ncar.ucar.edu)
Wed, 16 Mar 94 10:02:24 MST

My understanding is that the latest sendmail problem involves use of
very large numbers (larger than the maximum value of a signed int but
smaller than the max value of unsigned int) to the -d flag, which
results in overwriting locations in memory before the debug array. It
looks to me like this requires quite a bit of sophistication to
exploit, but of course we all know that it won't be long before all the
serious crackers know how to make use of it. The hole will allow an
ordinary user already logged on to become root; there is no evidence
that it can be exploited over an SMTP connection.

--Greg
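
The bug class described in the message above, as an added example that is not part of the original post and is not sendmail's source: a number between the signed and unsigned int maximums turns negative once held in a signed int, so a check against only the array's upper bound accepts it. The array size and the function names are assumptions made for illustration; neither function touches memory, they only report whether the index would be accepted.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define DEBUG_SLOTS 100 /* assumed array size, not taken from sendmail */

/* Naive form: the number ends up in a signed int and only the upper
 * bound is checked. Returns 1 if the index would be accepted. */
int naive_accepts(const char *arg, int *idx_out)
{
    unsigned long v = strtoul(arg, NULL, 10);
    /* Values above INT_MAX become negative here (implementation-defined
     * in C, two's-complement wraparound on common compilers). */
    int idx = (int)(unsigned int)v;
    *idx_out = idx;
    return idx < DEBUG_SLOTS; /* a negative idx passes */
}

/* Hardened form: digits only, range-checked while still unsigned.
 * Returns 1 and sets *idx_out only for 0 <= value < DEBUG_SLOTS. */
int checked_index(const char *arg, int *idx_out)
{
    char *end;
    unsigned long v;

    if (arg[0] < '0' || arg[0] > '9')
        return 0; /* strtoul would otherwise accept a sign or spaces */
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (*end != '\0' || errno == ERANGE || v >= DEBUG_SLOTS)
        return 0;
    *idx_out = (int)v;
    return 1;
}

int main(void)
{
    const char *samples[] = { "42", "3000000000" }; /* constructed inputs */
    for (int i = 0; i < 2; i++) {
        int n = 0, c = 0;
        int na = naive_accepts(samples[i], &n);
        int ca = checked_index(samples[i], &c);
        printf("%s: naive idx=%d accepted=%d, checked accepted=%d\n",
               samples[i], n, na, ca);
    }
    return 0;
}
```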