8lgm-17.txt
This advisory has been sent to:

        comp.security.unix
        CERT/CC <cert@cert.org>

===========================================================================
[8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995

PROGRAM:

        sendmail(8) (Version 5.*)

KNOWN VULNERABLE VERSIONS:

        SunOS 4.1.* up to and including patch 100377-19
        Sendmail V5.*
        IDA Sendmail V5.*

        (Likely that any sendmail based on V5 is also vulnerable).

DESCRIPTION:

        A flaw exists in versions of sendmail based on V5, which allows
        users to run programs and/or append to files remotely.
        The user does not require an account on that system.

IMPACT:

        Systems running V5 based sendmail are exploitable remotely.

REPEAT BY:

        At this time, exploit details are not available. Exploit
        details will be provided on the 8lgm fileserver, at some
        point in the future.

DISCUSSION:

        Details have been provided to ecd@cert.org, in order to speed
        up availability of exploit information to vulnerable vendors.

WORKAROUND & FIX:

        1) Install V8 sendmail.
        2) Obtain patch from vendor.

FEEDBACK AND CONTACT INFORMATION:

        majordomo@8lgm.org      (Mailing list requests - try 'help'
                                 for details)
        8lgm@8lgm.org           (Everything else)

8LGM FILESERVER:

        All [8LGM] advisories may be obtained via the [8LGM] fileserver.
        For details, 'echo help | mail 8lgm-fileserver@8lgm.org'

===========================================================================