<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

  <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">

  <title></title>

</head>

<body>

Iba pripominam ...<br>

<br>

v bugtraqu pisu od sendmailu, ze staci vypnut IDENT, viac:<br>

<a

 href="http://www.securityfocus.com/archive/1/313631/2003-03-01/2003-03-07/0">http://www.securityfocus.com/archive/1/313631/2003-03-01/2003-03-07/0</a><br>

<br>

<br>

-------- Original Message --------

<table cellpadding="0" cellspacing="0" border="0">

  <tr>

    <th valign="baseline" align="right" nowrap="nowrap">Subject: </th>

    <td>sendmail remote root</td>

  </tr>

  <tr>

    <th valign="baseline" align="right" nowrap="nowrap">Date: </th>

    <td>Mon, 3 Mar 2003 22:14:26 +0100</td>

  </tr>

  <tr>

    <th valign="baseline" align="right" nowrap="nowrap">From: </th>

    <td>Ondrej Suchy <a class="moz-txt-link-rfc2396E" href="mailto:ondrej.suchy@qlinux.cz">&lt;ondrej.suchy@qlinux.cz&gt;</a></td>

  </tr>

  <tr>

    <th valign="baseline" align="right" nowrap="nowrap">Reply-To: </th>

    <td><a class="moz-txt-link-abbreviated" href="mailto:security@underground.cz">security@underground.cz</a></td>

  </tr>

  <tr>

    <th valign="baseline" align="right" nowrap="nowrap">To: </th>

    <td>security list <a class="moz-txt-link-rfc2396E" href="mailto:security@underground.cz">&lt;security@underground.cz&gt;</a></td>

  </tr>

</table>

<br>

<br>

<pre>sice sem obvykle oznameni o chybach nepiseme, ale tahle je obzvlast

pikantni: ve vsech dosavadnich verzich sendmailu je remote root

exploit.

popis chyby:

<a class="moz-txt-link-freetext" href="https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950">https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950</a>

<a class="moz-txt-link-freetext" href="http://www.cert.org/advisories/CA-2003-07.html">http://www.cert.org/advisories/CA-2003-07.html</a>

oprava:

<a class="moz-txt-link-freetext" href="http://www.sendmail.org/8.12.8.html">http://www.sendmail.org/8.12.8.html</a>

  ondrej suchy

&#8211;

-- 

Ondrej Suchy <a class="moz-txt-link-rfc2396E" href="mailto:ondrej.suchy@qlinux.cz">&lt;ondrej.suchy@qlinux.cz&gt;</a>

[ QLINUX                                QUADRA s.r.o. ]

[ open-source reseni, sprava,  bezpecnost,  firewally ]

[ e-mail: <a class="moz-txt-link-abbreviated" href="mailto:info@qlinux.cz">info@qlinux.cz</a>   web: <a class="moz-txt-link-freetext" href="http://www.qlinux.cz/">http://www.qlinux.cz/</a> ]

</pre>

<br>

<pre class="moz-signature" cols="72">-- 

Ernest Beinrohr, OERNii

eAdmin @ AxonPro.sk, <a class="moz-txt-link-freetext" href="http://www.AxonPro.sk">http://www.AxonPro.sk</a>

+421-2-62410360, +421-903-482603    &lt;==  NOVE TELEFONNE CISLO

HomePage: <a class="moz-txt-link-freetext" href="http://www.oernii.sk">http://www.oernii.sk</a>

</pre>

</body>

</html>