On Tue, Aug 21, 2001 at 05:58:30PM -0700, Patrick R. Wade wrote:
> On Tue, Aug 21, 2001 at 01:30:57PM -0700, Jacob Meuser wrote:
> >
> >For those running sendmail, update to 8.11.6 ...
> >
> >A security hole exists in sendmail(8) that may allow an attacker on the
> >local host to gain root privileges by specifying out-of-bounds debug
> >parameters.
> >
> >
>
> Is there a BUGTRAQ posting or something I can wave at my fellow efn admins?
>
> (not that any non-efn-employee has a shell on our mailserver...)
>
I don't know if it's on BUGTRAQ. I got that from
[EMAIL PROTECTED], and a patch was posted to
openbsd.org/errata.html. As OpenBSD 2.9 ships with sendmail of the 8.11
variety, it may only affect the 8.11 branch. (Note that 8.11.3 also
had problems ... )
I see a message on www.sendmail.org ...
I see from the mail headers that calvin is running an 8.10 variety ...
--
<[EMAIL PROTECTED]>