===========================================================================
         [8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995

PROGRAM:

        sendmail(8)

VULNERABLE VERSIONS:

        SunOS 4.1.*

DESCRIPTION:

        The -oR option uses popen() to return undeliverable mail.

IMPACT:

        Local users can obtain root access.

REPEAT BY:

        A program to exploit this vulnerability is available as of now.
        This program has been tested with the latest Sun patch.

        To obtain this program, send mail to 8lgm-fileserver@8lgm.org,
        with a line in the body of the message containing:-

                SEND ropt

DISCUSSION:

        Using popen() in setuid programs is bad practice.

FIX:

        Contact vendor for fix.

STATUS UPDATE:

        The file:

        [8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995.README

        will be created on www.8lgm.org. This will contain updates on
        any further versions which are found to be vulnerable, and any
        other information received pertaining to this advisory.

-----------------------------------------------------------------------

FEEDBACK AND CONTACT INFORMATION:

        majordomo@8lgm.org      (Mailing list requests - try 'help'
                                 for details)

        8lgm@8lgm.org           (Everything else)

8LGM FILESERVER:

        All [8LGM] advisories may be obtained via the [8LGM] fileserver.
        For details, 'echo help | mail 8lgm-fileserver@8lgm.org'

8LGM WWW SERVER:

        [8LGM]'s web server can be reached at http://www.8lgm.org.
        This contains details of all 8LGM advisories and other useful
        information.
===========================================================================
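
The DISCUSSION point, as an added example that is not part of the [8lgm] advisory and is not sendmail code: popen() hands its command string to /bin/sh with the caller's effective uid and environment, so a setuid program should instead fork, drop privileges, and execve() an absolute path with a fixed environment. The names pipe_to_helper and clean_env, the use of /bin/cat as a stand-in helper, and the premise that the helper needs no privileges are assumptions made for illustration.

```c
/* Added example: hand data to a helper's stdin from a setuid program without
 * popen(). No shell, privileges dropped in the child, fixed environment. */
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Nothing is inherited from the invoking user's environment. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
/* Returns the helper's exit status, or -1 on error. */
int pipe_to_helper(const char *prog, char *const argv[],
                   const char *in, size_t len)
{
    int fds[2], status;
    pid_t pid;
    /* Absolute path only, so no PATH search can pick the binary. */
    if (prog == NULL || prog[0] != '/' || pipe(fds) != 0)
        return -1;
    signal(SIGPIPE, SIG_IGN);             /* a dead helper must not kill us */
    if ((pid = fork()) < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: drop setgid, then setuid, permanently, and verify. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ||
            geteuid() != getuid() || getegid() != getgid() ||
            dup2(fds[0], STDIN_FILENO) < 0)
            _exit(126);
        close(fds[0]); close(fds[1]);
        execve(prog, argv, clean_env);    /* argv goes through verbatim */
        _exit(127);                       /* exec failed */
    }
    close(fds[0]);
    while (len > 0) {
        ssize_t n = write(fds[1], in, len);
        if (n <= 0) break;                /* EPIPE: helper went away */
        in += n; len -= (size_t)n;
    }
    close(fds[1]);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {  /* constructed demo: /bin/cat stands in for the helper */
    char *const av[] = { "cat", NULL };
    return pipe_to_helper("/bin/cat", av, "bounce text\n", 12) ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Exit status 126 means the privilege drop or stdin setup failed in the child, and 127 means the helper could not be executed.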