===========================================================================
[8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995
PROGRAM:
sendmail(8)
VULNERABLE VERSIONS:
SunOS 4.1.*
DESCRIPTION:
The -oR option uses popen() to return undeliverable mail.
IMPACT:
Local users can obtain root access.
REPEAT BY:
A program to exploit this vulnerability is available as of now.
This program has been tested with the latest Sun patch. To obtain
this program, send mail to 8lgm-fileserver@8lgm.org, with a line
in the body of the message containing:-
SEND ropt
DISCUSSION:
Using popen() in setuid programs is bad practice.
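Added example, not part of the original advisory or any 8lgm or vendor code: popen() hands its command string to /bin/sh -c with the invoking user's environment and the program's current privileges, so a setuid program that needs to pipe data to a helper should fork and exec it directly instead. The function name pipe_to_helper and the fixed PATH value are assumptions made for illustration.

```c
/* Added example, not from the advisory. All names are hypothetical. */
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment: nothing set by the invoking user reaches the helper. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Run the absolute `path` with `argv` and feed `input` to its stdin.
 * Returns the helper's exit status, or -1 on failure. */
int pipe_to_helper(const char *path, char *const argv[], const char *input)
{
    int fd[2], status;
    size_t left = strlen(input);
    pid_t pid;

    if (path[0] != '/' || pipe(fd) < 0)   /* absolute path: no PATH search */
        return -1;
    if ((pid = fork()) < 0) {
        close(fd[0]); close(fd[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        close(fd[1]);
        if (fd[0] != STDIN_FILENO && dup2(fd[0], STDIN_FILENO) < 0)
            _exit(126);
        if (fd[0] != STDIN_FILENO)
            close(fd[0]);
        /* Drop to the real ids, group first, and confirm it took effect. */
        if (setgid(getgid()) < 0 || setuid(getuid()) < 0 ||
            geteuid() != getuid() || getegid() != getgid())
            _exit(126);
        execve(path, argv, clean_env);    /* no shell parses a command line */
        _exit(127);                       /* exec failed */
    }
    close(fd[0]);
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);  /* helper may exit early */
    while (left > 0) {
        ssize_t n = write(fd[1], input, left);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        input += n;
        left -= (size_t)n;
    }
    close(fd[1]);
    signal(SIGPIPE, old);
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```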
FIX:
Contact vendor for fix.
STATUS UPDATE:
The file:
[8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995.README
will be created on www.8lgm.org. This will contain updates on
any further versions which are found to be vulnerable, and any
other information received pertaining to this advisory.
-----------------------------------------------------------------------
FEEDBACK AND CONTACT INFORMATION:
majordomo@8lgm.org (Mailing list requests - try 'help'
for details)
8lgm@8lgm.org (Everything else)
8LGM FILESERVER:
All [8LGM] advisories may be obtained via the [8LGM] fileserver.
For details, 'echo help | mail 8lgm-fileserver@8lgm.org'
8LGM WWW SERVER:
[8LGM]'s web server can be reached at http://www.8lgm.org.
This contains details of all 8LGM advisories and other useful
information.
===========================================================================