Sendmail remote root

Ing. Pavel PaJaSoft Janousek janousek at fonet.cz
Tuesday March 4 12:08:56 CET 2003


Zdenek SUTR Kaminski wrote:
>>	A pity you didn't add that the bug was found during a code AUDIT... (=> 
> 
> 
> Is it possible to find info somewhere saying that it was during an audit, 
> please? I would quite like to read that. And if they did that audit, the 
> guys have gone up in my estimation...

	Well, I am going by the Red Hat Inc. announcement (which is, after all, 
regularly available on redhat-watch-list at redhat.com, 
redhat-announce-list at redhat.com, bugtraq at securityfocus.com, etc.), 
which clearly states:

During a code audit of Sendmail by ISS, a critical vulnerability was
uncovered that affects unpatched versions of Sendmail prior to version
8.12.8.  A remote attacker can send a carefully crafted email message
which, when processed by sendmail, causes arbitrary code to be
executed as root.

-----------------------------------------------------------------------
Ing. Pavel Janousek (PaJaSoft)                 FoNet, spol. s r. o.
Software development, Intranet / Internet    Sokolova 67, 619 00 Brno
E-mail: mailto:Janousek at FoNet.Cz             Tel.: +420  5  4324 4749
WWW:    http://WWW.FoNet.Cz/               E-mail: mailto:Info at FoNet.Cz
-----------------------------------------------------------------------


