[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] ALERT UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)

Subject: Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)
From: "marcus miller" <cobalt_security_list@xxxxxxxxxxx>
Date: Tue, 14 Jan 2003 09:59:33 +0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi

Sorry to be a goon but could I just get this confirmed:

Jeff Lasman wrote

I'm not sure what version of sendmail your server is running.  Mine is
running 8.10.2.

8.10 versions of sendmail and earlier are NOT subject to this exploit.

Additionally, this exploit can only be performed by local users.

so is 8.10.2 classed as an 8.10 release? or is it considered a release after8.10 and therefore insecure?

I am running 'sendmail-8.10.2-C1' could someone put my mind at rest?

Thanks all.

P.S. There seem to be a couple of raq's getting hacked over the last fewweeks, having been in that situation before I know its nothing we want to gothrough again.

Hows about a thread where we all throw in some ideas to make sure we are allas secure as we can be? All patched-up and aware of the latest threats toour livelyhood etc... just an idea.

From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Reply-To: cobalt-security@xxxxxxxxxxxxxxx
To: cobalt-security@xxxxxxxxxxxxxxx

Subject: Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58):Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)

Date: Tue, 14 Jan 2003 00:57:56 -0800

ProServe - Peter Batenburg wrote:

>

> Is cobalt going to do something about this? Allready 2 exploits havebeen

> released on the bugtraq mailing list.

I'm not sure what version of sendmail your server is running.  Mine is
running 8.10.2.

8.10 versions of sendmail and earlier are NOT subject to this exploit.

Additionally, this exploit can only be performed by local users.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security



_________________________________________________________________

Help STOP SPAM: Try the new MSN 8 and get 2 months FREE*http://join.msn.com/?page=features/junkmail

Follow-Ups:
- Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): SendmailDebugger ArbitraryCode Execution Vulnerability (fwd)
  - From: Jeff Lasman

Prev by Date: Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)
Next by Date: Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)
Previous by thread: [cobalt-security] Hacked Cobalt Server - Can You Help?
Next by thread: Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): SendmailDebugger ArbitraryCode Execution Vulnerability (fwd)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index

Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)

Re: [cobalt-security] ALERT UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger ArbitraryCode Execution Vulnerability (fwd)