Firewalls: sendmail and CERT

Firewalls
(October 1993)

Indexed By Thread: [Previous] [Next]

Subject:	sendmail and CERT
From:	reh @ cs . UMD . EDU (Richard Huddleston)
Date:	Fri, 22 Oct 93 11:10:32 -0400
To:	Firewalls @ GreatCircle . com


>From what I've heard, this bug effects all sendmail using the ForceMail
variable in recipient.c .  This bug is apparently cleared in the 8.6
source, and can be cleared either by clearing it and rebuilding ( if you've
got the SunOS source ) or by the patches that I'm sure everybody already
knows about.

Boy, I was sure fond of the word "clear" in that last paragraph  ;).

Richard

---


Hi-

Does anyone have more info on the sendmail vulnerability announced by
CERT yesterday? What's the hole? Does it only concern TCP connections
into sendmail? Or can forwarded mail be used to exploit it? CERT
hinted the former to me on the phone, but I'd like any perspectives on
this from someone who knows.

-Rens

---

Follow-Ups:

Re: sendmail and CERT
From: "Perry E. Metzger" <pmetzger @ lehman . com>

Indexed By Date	Previous:	Sun sendmail vulnerability From: Rens Troost <rens @ lorax . IMSI . COM>
Indexed By Date	Next:	Re: Sun sendmail vulnerability From: greep @ datatools . com (Steven Tepper)
Indexed By Thread	Previous:	Re: Sun sendmail vulnerability From: Peter shipley <shipley @ merde . dis . org>
Indexed By Thread	Next:	Re: sendmail and CERT From: "Perry E. Metzger" <pmetzger @ lehman . com>