Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
- From: Jeff Lovell <jlovell@xxxxxxx>
- Date: 23 Aug 2001 11:21:54 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On 23 Aug 2001 16:12:33 +0200, ProServe - Peter Batenburg wrote:
> Is cobalt going to do something about this? Already 2 exploits have been
> released on the bugtraq mailing list.
What version of sendmail are you running?
> --------------------
> This vulnerability, present in sendmail open source versions
> between 8.11.0 and 8.11.5 has been corrected in 8.11.6. sendmail
> 8.12.0.Beta users should upgrade to 8.12.0.Beta19. The problem was
> not present in 8.10 or earlier versions. However, as always, we
> recommend using the latest version. Note that this problem is
> not remotely exploitable. Additionally, sendmail 8.12 will no
> longer use a set-user-id root binary by default.
> --------------------
Jeff
--
Jeff Lovell
Sun Microsystems Inc.