<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
<title></title>
</head>
<body>
Just a reminder ...<br>
<br>
on Bugtraq the sendmail people write that it is enough to turn off IDENT; more:<br>
<a
href="http://www.securityfocus.com/archive/1/313631/2003-03-01/2003-03-07/0">http://www.securityfocus.com/archive/1/313631/2003-03-01/2003-03-07/0</a><br>
<br>
<br>
-------- Original Message --------
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<th valign="baseline" align="right" nowrap="nowrap">Subject: </th>
<td>sendmail remote root</td>
</tr>
<tr>
<th valign="baseline" align="right" nowrap="nowrap">Date: </th>
<td>Mon, 3 Mar 2003 22:14:26 +0100</td>
</tr>
<tr>
<th valign="baseline" align="right" nowrap="nowrap">From: </th>
<td>Ondrej Suchy <a class="moz-txt-link-rfc2396E" href="mailto:ondrej.suchy@qlinux.cz">&lt;ondrej.suchy@qlinux.cz&gt;</a></td>
</tr>
<tr>
<th valign="baseline" align="right" nowrap="nowrap">Reply-To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:security@underground.cz">security@underground.cz</a></td>
</tr>
<tr>
<th valign="baseline" align="right" nowrap="nowrap">To: </th>
<td>security list <a class="moz-txt-link-rfc2396E" href="mailto:security@underground.cz">&lt;security@underground.cz&gt;</a></td>
</tr>
</table>
<br>
<br>
<pre>we don't usually post bug announcements here, but this one is especially
juicy: there is a remote root exploit in all versions of sendmail
to date.
description of the bug:
<a class="moz-txt-link-freetext" href="https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950">https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950</a>
<a class="moz-txt-link-freetext" href="http://www.cert.org/advisories/CA-2003-07.html">http://www.cert.org/advisories/CA-2003-07.html</a>
fix:
<a class="moz-txt-link-freetext" href="http://www.sendmail.org/8.12.8.html">http://www.sendmail.org/8.12.8.html</a>
ondrej suchy
--
Ondrej Suchy <a class="moz-txt-link-rfc2396E" href="mailto:ondrej.suchy@qlinux.cz">&lt;ondrej.suchy@qlinux.cz&gt;</a>
[ QLINUX QUADRA s.r.o. ]
[ open-source solutions, administration, security, firewalls ]
[ e-mail: <a class="moz-txt-link-abbreviated" href="mailto:info@qlinux.cz">info@qlinux.cz</a> web: <a class="moz-txt-link-freetext" href="http://www.qlinux.cz/">http://www.qlinux.cz/</a> ]
</pre>
<br>
<pre class="moz-signature" cols="72">--
Ernest Beinrohr, OERNii
eAdmin @ AxonPro.sk, <a class="moz-txt-link-freetext" href="http://www.AxonPro.sk">http://www.AxonPro.sk</a>
+421-2-62410360, +421-903-482603 &lt;== NEW PHONE NUMBER
HomePage: <a class="moz-txt-link-freetext" href="http://www.oernii.sk">http://www.oernii.sk</a>
</pre>
</body>
</html>