[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)
- Subject: Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Tue, 14 Jan 2003 00:57:56 -0800
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
ProServe - Peter Batenburg wrote:
>
> Is cobalt going to do something about this? Allready 2 exploits have been
> released on the bugtraq mailing list.
I'm not sure what version of sendmail your server is running. Mine is
running 8.10.2.
8.10 versions of sendmail and earlier are NOT subject to this exploit.
Additionally, this exploit can only be performed by local users.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";