Can someone explicitly let us in on what the vulnerability does? I've
partially hacked my sendmail to provide extra security, and it would
be nice to know if I have to worry.
Perry
Richard Huddleston says:
> From what I've heard, this bug affects all sendmail using the ForceMail
> variable in recipient.c. This bug is apparently cleared in the 8.6
> source, and can be cleared either by clearing it and rebuilding (if you've
> got the SunOS source) or by the patches that I'm sure everybody already
> knows about.
>
> Boy, I was sure fond of the word "clear" in that last paragraph ;).
>
> Richard
>
> ---
>
>
> Hi-
>
> Does anyone have more info on the sendmail vulnerability announced by
> CERT yesterday? What's the hole? Does it only concern TCP connections
> into sendmail? Or can forwarded mail be used to exploit it? CERT
> hinted the former to me on the phone, but I'd like any perspectives on
> this from someone who knows.
>
> -Rens
>
> ---