Sendmail remote root
Ing. Pavel PaJaSoft Janousek
janousek at fonet.cz
Tuesday March 4 12:08:56 CET 2003
Zdenek SUTR Kaminski wrote:
>> A pity you did not add that the bug was found during a code AUDIT... (=>
>
>
> Is it possible to find info somewhere that it was during an audit, please?
> I would quite like to read that. And if they did that audit themselves, the
> guys have gone up in my estimation...
Well, I am going by the Red Hat Inc. announcement (which is, after all,
regularly available on redhat-watch-list at redhat.com, redhat-announce-list
at redhat.com, bugtraq at securityfocus.com, etc.), which clearly states:
During a code audit of Sendmail by ISS, a critical vulnerability was
uncovered that affects unpatched versions of Sendmail prior to version
8.12.8. A remote attacker can send a carefully crafted email message
which, when processed by sendmail, causes arbitrary code to be
executed as root.
-----------------------------------------------------------------------
Ing. Pavel Janousek (PaJaSoft) FoNet, spol. s r. o.
Software development, Intranet / Internet Sokolova 67, 619 00 Brno
E-mail: mailto:Janousek at FoNet.Cz Tel.: +420 5 4324 4749
WWW: http://WWW.FoNet.Cz/ E-mail: mailto:Info at FoNet.Cz
-----------------------------------------------------------------------