According to sendmail.org it affects 8.10.something - 8.11.5
On Tue, Aug 21, 2001 at 06:44:56PM -0700, Jacob Meuser wrote:
> On Tue, Aug 21, 2001 at 05:58:30PM -0700, Patrick R. Wade wrote:
> > On Tue, Aug 21, 2001 at 01:30:57PM -0700, Jacob Meuser wrote:
> > >
> > >For those running sendmail, update to 8.11.6 ...
> > >
> > >A security hole exists in sendmail(8) that may allow an attacker on the
> > >local host to gain root privileges by specifying out-of-bounds debug
> > >parameters.
> > >
> > >
> >
> > Is there a BUGTRAQ posting or something i can wave at my fellow efn admins?
> >
> > (not that any non-efn-employee has a shell on our mailserver...)
> >
>
> I don't know if it's on BUGTRAQ. I got that from
> [EMAIL PROTECTED], and a patch was posted to
> openbsd.org/errata.html. As OpenBSD 2.9 ships with sendmail of the 8.11
> variety, it may only affect the 8.11 branch. (Note that 8.11.3 also
> had problems ... )
>
> I see a message on www.sendmail.org ...
>
> I see from the mail headers that calvin is running an 8.10 variety ...
>
> --
> <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]>
--
Christopher Maujean
IT Director
Premierelink Communications
www.premierelink.com
[EMAIL PROTECTED]
PLEASE encrypt all sensitive information using the following:
GnuPG: 0x5DE74D38
Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x5DE74D38
