J.R. Lillard said...

>Somebody asked this before, but I saw no replies. Are there any known
>bugs for ULTRIX 4.3A?

Yes. There are several.

/bin/mail has a few race conditions, mostly involving the creation of /tmp files. I assisted a colleague of mine in writing an exploitation script to demonstrate the problem and it was posted to this list back in November. If you can't find it, I'll post it again.

Ultrix sendmail also has the "standard" vendor sendmail bugs, such as the newline-in-queuefile bug and the return-mail-to-pipe bug, all of which have been discussed at great length on bugtraq and are superficially covered in CERT Advisories CA-95:05 and CA-94:12.

The lpr subsystem also has a security hole, described in 8lgm-Advisory-3.UNIX.lpr.19-Aug-1991.

DEC currently recommends upgrading to Ultrix v4.4 and installing their security patch kit to fix all of these problems. The one security hole that DEC's patch does not fix is the sendmail queuefile bug. This bug can only be exploited from within your system and is fixed in sendmail 8.6.1[012].

For more information on the DEC security patch kit, take a look at CIAC Bulletin E-24, available at http://ciac.llnl.gov/ciac/bulletins/e-24.shtm

If performing the DEC upgrade is infeasible for you, I strongly recommend that you get rid of the Ultrix default /bin/mail and /usr/lib/sendmail and replace them with procmail and sendmail v8.6.12. Also, take a look at the 8lgm fix for the lpr problem.

If you need any more information, let me know.

- Christopher Ellwood <cellwood@gauss.calpoly.edu>
  EL/EE Dept. System Administrator - Cal Poly - San Luis Obispo, California