===========================================================================
          [8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995

PROGRAM:

        sendmail(8)

VULNERABLE VERSIONS:

        SunOS 4.1.*

DESCRIPTION:

        The -oR option uses popen() to return undeliverable mail.

IMPACT:

        Local users can obtain root access.

REPEAT BY:

        A program to exploit this vulnerability is available as of now.
        This program has been tested with the latest Sun patch.  To obtain
        this program, send mail to 8lgm-fileserver@8lgm.org, with a line
        in the body of the message containing:-

        SEND ropt

DISCUSSION:

        Using popen() in setuid programs is bad practice.

FIX:

        Contact vendor for fix.

STATUS UPDATE:

        The file:

        [8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995.README

        will be created on www.8lgm.org.  This will contain updates on
        any further versions which are found to be vulnerable, and any
        other information received pertaining to this advisory.

-----------------------------------------------------------------------

FEEDBACK AND CONTACT INFORMATION:

        majordomo@8lgm.org      (Mailing list requests - try 'help'
                                 for details)

        8lgm@8lgm.org           (Everything else)

8LGM FILESERVER:

        All [8LGM] advisories may be obtained via the [8LGM] fileserver.
        For details, 'echo help | mail 8lgm-fileserver@8lgm.org'

8LGM WWW SERVER:

        [8LGM]'s web server can be reached at http://www.8lgm.org.
        This contains details of all 8LGM advisories and other useful
        information.
===========================================================================