On Fri, Jan 04, 2002 at 06:01:02PM +0800, Suresh Ramasubramanian wrote: > > I don't think there was a remote root exploit in sendmail 8.9.3, shipped with > > redhat 6.2. > > 8.9.3 associated with the default redhat kernel (or any kernel <= 2.2.15) as > a matter of fact. 8.9.3 is pretty ok on other OSen.
There were two, one a bug in the linux setcap() syscall, and another when sendmail is run in debug mode (sendmail -dx.x). Both were locally exploitable, not remotely. The -d exploit was fixed only recently (8.11 series) IIRC. Binand _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
