8lgm-24.txt

8lgm-24.txt: Posted Sep 23, 1999; 8lgm-24.txt; SHA-256 | fca16192c25226b4ce99ab8dccc6d4918827e0b7b21229344f6c4c9bf20bcfc2; Download | Favorite | View

8lgm-24.txt


=============================================================================
 Virtual Domain Hosting Services provided by The FOURnet Information Network
              mail webserv@FOUR.net or see http://www.four.net
=============================================================================
          [8lgm]-Advisory-24.UNIX.CERT.Advisory.CA-95:11.20-9-1995

PROGRAM:

        sendmail_wrapper.c

VULNERABLE VERSIONS:

        SunOS 4.1.*

DESCRIPTION:

        As a Solution to advisory:

                [8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995

        CERT advises the following.

                B. Install the sendmail wrapper available from

                ftp://ftp.cs.berkeley.edu/ucb/sendmail/sendmail_wrapper.c
                ftp://ftp.auscert.org.au/pub/auscert/tools/sendmail_wrapper.c

                Checksum:

                MD5 (sendmail_wrapper.c) = fb53f92b6fc539766cd69e8b08909ba1

        This wrapper uses syslog(3) to report potential attacks.  However
        this is performed in an insecure manner, and can be exploited as
        described in:

                [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

IMPACT:

        Local users can therefore obtain superuser privileges.

FIX:

        In order to use syslog(3) in a secure manner, strings must be
        limited in length.  Therefore to fix the call to syslog(3) we
        can do:

        syslog( LOG_MAIL | LOG_ERR,
        "Possible SunOS sendmail attack specifying '-%c %.500s' by uid %d\n",
                        argv[ i][ 1], cp, getuid());


STATUS UPDATE:

        The file:

        [8lgm]-Advisory-24.UNIX.CERT.Advisory.CA-95:11.20-9-1995.README

        will be created on www.8lgm.org.  This will contain updates on
        any further versions which are found to be vulnerable, and any
        other information received pertaining to this advisory.

-----------------------------------------------------------------------

FEEDBACK AND CONTACT INFORMATION:

        majordomo@8lgm.org      (Mailing list requests - try 'help'
                                 for details)

        8lgm@8lgm.org           (Everything else)

8LGM FILESERVER:

        All [8LGM] advisories may be obtained via the [8LGM] fileserver.
        For details, 'echo help | mail 8lgm-fileserver@8lgm.org'

8LGM WWW SERVER:

        [8LGM]'s web server can be reached at http://www.8lgm.org.
        This contains details of all 8LGM advisories and other useful
        information.
===========================================================================

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

8lgm-24.txt

8lgm-24.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

8lgm-24.txt

Share This

8lgm-24.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems