Hi there SUN, IS THERE ANYONE IN ??? Please find below a copy of the [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995 of 17/18 May. I opened call no 5094255 (UK) on 18th May. My engineer is Kimberley Brown. Sun bug no 1026859. I also contacted Karl Strickland at [8lgm]. His reply is appended. The exploit script/info was sent to CERT and passed to Sun before May 20th. I'm told that someone unnamed in Suns security dept. is sitting on the exploit script for this bug and refusing to pass it to the engineer who is responsible for sendmail. This just is not good enough. I want an explanation of why it takes you weeks to get started on this one. I hope [8lgm] will now see that giving people like you (Sun) time to get a fix together is a waste of time and effort. The only thing that will light a fire under your asses is to publish the exploit script without a grace period. I feel that Sun is not fulfilling its support contract with us and I mean to find out why. Andy Cowley ----- Begin Included Message ----- < header deleted .... > This advisory has been sent to: comp.security.unix CERT/CC <cert@cert.org> =========================================================================== [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995 PROGRAM: sendmail(8) (Version 5.*) KNOWN VULNERABLE VERSIONS: SunOS 4.1.* up to and including patch 100377-19 Sendmail V5.* IDA Sendmail V5.* (Likely that any sendmail based on V5 is also vulnerable). DESCRIPTION: A flaw exists in versions of sendmail based on V5, which allows users to run programs and/or append to files remotely. The user does not require an account on that system. IMPACT: Systems running V5 based sendmail are exploitable remotely. REPEAT BY: At this time, exploit details are not available. Exploit details will be provided on the 8lgm fileserver, at some point in the future. DISCUSSION: Details have been provided to ecd@cert.org, in order to speed up availability of exploit information to vulnerable vendors. WORKAROUND & FIX: 1) Install V8 sendmail. 2) Obtain patch from vendor. FEEDBACK AND CONTACT INFORMATION: majordomo@8lgm.org (Mailing list requests - try 'help' for details) 8lgm@8lgm.org (Everything else) 8LGM FILESERVER: All [8LGM] advisories may be obtained via the [8LGM] fileserver. For details, 'echo help | mail 8lgm-fileserver@8lgm.org' =========================================================================== ----- End Included Message ----- Karl Strickland (karl@bagpuss.demon.co.uk) wrote on May 20th.--- The exploit details have been sent to CERT who are dealing entirely with the affected vendors, including SUN. CERT have better contacts with more vendors than we do and are able to spend more time dealing with them than we are. SUN should have had exploit details passed to it from CERT by now.