Salut
Parca cineva se intreba cand apare urmatorul bug in sendmail ? Nici o
problema, a aparut deja si din ce imi pare mie e mult foarte grav:
http://www.cert.org/advisories/CA-2003-07.html
Systems Affected
* Sendmail Pro (all versions)
* Sendmail Switch 2.1 prior to 2.1.5
* Sendmail Switch 2.2 prior to 2.2.5
* Sendmail Switch 3.0 prior to 3.0.3
* Sendmail for NT 2.X prior to 2.6.2
* Sendmail for NT 3.0 prior to 3.0.3
* Systems running open-source sendmail versions prior to 8.12.8,
including UNIX and Linux systems
Overview
There is a vulnerability in sendmail that may allow remote attackers
to gain the privileges of the sendmail daemon, typically root.
This vulnerability is message-oriented as opposed to
connection-oriented. That means that the vulnerability is triggered by
the contents of a specially-crafted email message rather than by
lower-level network traffic. This is important because an MTA that
does not contain the vulnerability will pass the malicious message
along to other MTAs that may be protected at the network level. In
other words, vulnerable sendmail servers on the interior of a network
are still at risk, even if the site's border MTA uses software other
than sendmail. Also, messages capable of exploiting this vulnerability
may pass undetected through many common packet filters or firewalls.
...
----------------------------
Mihai RUSU
Disclaimer: Any views or opinions presented within this e-mail are solely
those of the author and do not necessarily represent those of any company,
unless otherwise specifically stated.
--
Pentru dezabonare, trimiteti mail la
[EMAIL PROTECTED] cu subiectul 'unsubscribe rlug'.
REGULI, arhive si alte informatii: http://www.lug.ro/mlist/
