On Thu, 23 Aug 2001 16:12:33 +0200 (CEST), ProServe - Peter Batenburg
mumbled something like:
>>Is cobalt going to do something about this? Allready 2 exploits
>>have been released on the bugtraq mailing list.
If you read the security alert, it says:
>> The problem was not present in
>> 8.10 or earlier versions.
I don't know about your boxen, but mine say they're 8.10.2.
The security alert also says:
>>Mitigating Strategies:
>>Restrict local access to trusted users only.
You shouldn't be handing out shell accounts in the first place.
Since the breach must be performed by someone with a sh*tload of
knowledge..
>>An attacker with local access must determine the memory offsets of
>>the program's internal tTdvect variable and the location to which
>>he or she wishes to have data written.
>>The attacker must craft in architecture specific binary code
>>the commands (or 'shellcode') to be executed with higher
>>privilege.
..I'd say the 'cure' for this is not to give out shell accounts.
Also, check your sendmail version, it's quite possible that it isn't
vulnerable to this, hence no update from Cobalt.
--
CarrieB
"Been there, done that... used the t-shirt to wipe the blood off of
my desk and bandage my flat forehead." --Carrie Bartkowiak