LinuxSA Mailing list archives
From: Phil Pittard <vk5ham@seol.net.au>
To: marko@woogie.nu
Date: Fri, 24 Sep 1999 16:58:49 +0930
Re: sendmail problem
Hi
marko@woogie.nu wrote:
>
> On 23 Sep, David Newall wrote:
> >> I've already concluded from http://www.orbs.org/otherresources.cgi
> >> that sendmail 8.8.7 is unsalvageable.
> >
> > Unsalvageable? Why? I'm on 8.8.4.
> >
> There's a denial of service attack in sendmail versions below 8.9.3, I
> think I heard somewhere that there is a security hole in versions below
> 8.8.7 too, but I could be mistaken on that.
There IS an exploitable hole in sendmail 8.7.3(ish) up to and including
at least 8.8.3 or 8.8.4 (not sure how far the bug lasted!) which allows
anyone to become root.... have a look in /tmp for an suid file called
sh and if it's there you have had an unwanted visitor:).
If you do run an earlier sendmail it is worth checking /tmp for suid
executables !! Not to mention making sure you don't have any directories
called "..." ;) BTW, does anyone EVER bother checking /dev/ files to
see if they really are device files.... /dev is the BEST place for
unwanted guests to hide stuff ;)
One other thing, SOMEONE will always find a "way in" or an exploitable
"bug or hole"... sometimes it is better "the devil you know than the
devil you don't" BUT if you are going to run OLDER versions of apps then
you need to be aware of their strengths, weaknesses & vulnerabilities
and act accordingly!!!
Cya, Phil
--
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
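The three checks Phil lists (setuid files in /tmp, directories named "...", non-device files hiding in /dev) collected into a small POSIX shell helper. This is an added example, not code from the original thread; the function names and the constructed demo tree are assumptions, and the helper only reports, it does not delete anything.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names and the
# demo tree below are hypothetical; run audit_tree with no argument to
# check the live system, or with a root directory to check a copy.

# Setuid/setgid regular files under a directory (default /tmp).
find_suid_in_tmp() {
    find "${1:-/tmp}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Directories whose name starts with "..." (a casual ls overlooks them).
find_dot_dirs() {
    find "${1:-/}" -xdev -type d -name '...*' 2>/dev/null
}

# Regular files sitting in a device directory (default /dev). /dev/shm is
# skipped because modern systems legitimately keep shared-memory files there.
find_files_in_dev() {
    d="${1:-/dev}"
    find "$d" -xdev -path "$d/shm" -prune -o -type f -print 2>/dev/null
}

# Run all three checks under an optional root (empty = live system) and
# print one tagged line per finding.
audit_tree() {
    root="${1:-}"
    find_suid_in_tmp "$root/tmp"  | sed 's/^/suid-in-tmp: /'
    find_dot_dirs "${root:-/}"    | sed 's/^/dot-dir: /'
    find_files_in_dev "$root/dev" | sed 's/^/file-in-dev: /'
}

# Constructed demo tree containing one of each finding plus one benign
# /dev/shm file that must be ignored; prints the tree's path.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/tmp" "$t/dev/shm" "$t/home/guest/..."
    printf '#!/bin/sh\n' > "$t/tmp/sh"
    chmod 4755 "$t/tmp/sh"        # setuid, like the file Phil describes
    : > "$t/dev/shm/legit"        # expected on modern systems, skipped
    : > "$t/dev/.hidden"          # regular file masquerading in /dev
    echo "$t"
}

demo=$(make_demo_tree)
audit_tree "$demo"                # expect exactly three findings
rm -rf "$demo"
```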