Great Circle Associates Firewalls
(October 1993)
 


Subject: Re: Sun sendmail vulnerability
From: Eric Conrad <conrad @ merl . com>
Organization: Mitsubishi Electric Research Laboratories, Inc. Cambridge, Massachusetts, USA
Date: Fri, 22 Oct 93 14:28:45 -0400
To: pmetzger @ lehman . com
Cc: "Leland K. Neely" <lkn @ llnl . gov>, Dan . Farmer @ corp . sun . com, rens @ imsi . com, firewalls @ GreatCircle . COM, conrad @ merl . com
In-reply-to: Your message of "Fri, 22 Oct 93 13:15:34 EDT." <9310221715 . AA27241 @ snark . lehman . com>

> The hackers are already furiously working on this. Meanwhile, I have a
> multi-billion dollar company that's potentially vulnerable and I don't
> have enough real information to be able to decide on a reasonable
> response. I'm not running a standard sendmail, no one will tell me
> what the bug is so I can check if I'm vulnerable, I can't go out and
> use the patched Sun sendmail because I don't run it, etc.
> 
I heard this through the grapevine, so take it with a grain of salt.

This bug supposedly exploits the sync account with /bin/sync as a shell.
Change the shell to /bin/none.  

That's all I've heard, and it's certainly not gospel.  If anyone has any
more info, please email me.

                               ...Eric
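
An added illustration, not part of the message above or of the list archive: a small audit that flags passwd entries like the sync account mentioned in the message, where the shell field names a command rather than a login shell. The allow-list, the list of disabled placeholder shells, and the sample entries are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: flag passwd entries whose shell field is a command rather
# than a login shell (the pattern of the sync account discussed above).

# Assumption: site allow-list of real login shells (compare /etc/shells).
LOGIN_SHELLS="/bin/sh /bin/csh /bin/ksh"
# Assumption: placeholder values used to block logins;
# /bin/none is the value suggested in the message.
DISABLED_SHELLS="/bin/none /bin/false"

# Constructed sample in passwd(5) format, not copied from any real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:Operator:/:/bin/csh
daemon:*:1:1::/:
sync::1:1::/:/bin/sync
uucp:*:4:8::/var/spool/uucppublic:/usr/lib/uucp/uucico
alice:x:1001:100:Alice:/home/alice:/bin/ksh
nobody:*:65534:65534::/:/bin/none
EOF
}

# Reads passwd lines on stdin; prints "user shell password-state" for every
# account whose shell is neither a login shell nor a disabled placeholder.
audit_passwd() {
  awk -F: -v ok="$LOGIN_SHELLS" -v off="$DISABLED_SHELLS" '
    BEGIN {
      n = split(ok, a, " ");  for (i = 1; i <= n; i++) login[a[i]] = 1
      n = split(off, b, " "); for (i = 1; i <= n; i++) disabled[b[i]] = 1
    }
    /^#/ || NF < 7 { next }             # skip comments and malformed lines
    {
      sh = ($7 == "") ? "/bin/sh" : $7  # empty field means the default shell
      if (sh in login || sh in disabled) next
      state = ($2 == "") ? "password-empty" : "password-field-set"
      printf "%s %s %s\n", $1, sh, state
    }'
}

# Run against the sample; on a live host use: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```
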


