Re: OOPS - the wrapper fails

Rafi Sadowsky (rafi@tavor.openu.ac.il)
Sat, 25 Feb 1995 12:16:37 +0200 (IST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Brownlee: "Sendmail fixkit"
Previous message: Jordan Hayes: "Re: NCSA httpd 1.3"

On Fri, 24 Feb 1995, Dr. Frederick B. Cohen wrote:

> Well, here we go again - with the wrapper in place, the attack managed
> to place a file in my /tmp directory (owned by user nobody).  I sure
> wish I had the source to this attack so I could try to fix it myself.
> 
> If anyone has a better fix - let me know ASAP
> FC
> 
sure which you would specify which attack you're talking about ...
if it is the AUTH/IDENT remote one I don't the the wrapper addresses that 
problem ...
(from the source it seems to address problem with local users & ENV 
variables - is that the kind of attack you're trying ? )

also what version of sendmail are your using ?

also maybe a more appropriate place for this would be bugtraq
(so I'll cross post - even though I hate it.. ) since we're talking about 
unix bug - which does have a relation to firewalls but IMHO it's not the 
right place ( and also has a non full disclosure policy )

Enjoy,
	Rafi

-- 
Rafi Sadowsky                                   rafi@tavor.openu.ac.il
[postmaster@openu.ac.il]                        FAX: +972-3-6460483

Next message: David Brownlee: "Sendmail fixkit"
Previous message: Jordan Hayes: "Re: NCSA httpd 1.3"