Firewalls: Re: Sun sendmail vulnerability

Firewalls
(October 1993)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Sun sendmail vulnerability
From:	"Perry E. Metzger" <pmetzger @ lehman . com>
Date:	Fri, 22 Oct 1993 13:01:59 -0400
To:	firewalls @ greatcircle . com
In-reply-to:	Your message of "Fri, 22 Oct 1993 08:30:40 PDT." <9310221525 . AA07316 @ mycroft . GreatCircle . COM>
Reply-to:	pmetzger @ lehman . com

All my border machines have special C programs that have replaced the
local and shell mailers to reject and complain about any attempt to
deliver mail locally. Will this likely keep me safe, or not?

Perry

Steven Tepper says:
> > Does anyone have more info on the sendmail vulnerability announced by
> > CERT yesterday? What's the hole? Does it only concern TCP connections
> > into sendmail? Or can forwarded mail be used to exploit it? CERT
> > hinted the former to me on the phone, but I'd like any perspectives on
> > this from someone who knows.
> 
> This isn't much, but the README from Sun patch 101077-03 says:
> 
>   1142888: A sendmail security hole dealing with mail delivered to files
> 
> The phrase "delivered to files" sounds as if it refers to aliases
> that put the mail in a named file, e.g. "foo:/usr/adm/foolog".

References:

Re: Sun sendmail vulnerability
From: greep @ datatools . com (Steven Tepper)

Indexed By Date	Previous:	Re: sendmail and CERT From: "Perry E. Metzger" <pmetzger @ lehman . com>
Indexed By Date	Next:	Re: Sun sendmail vulnerability From: "Perry E. Metzger" <pmetzger @ lehman . com>
Indexed By Thread	Previous:	Re: Sun sendmail vulnerability From: greep @ datatools . com (Steven Tepper)
Indexed By Thread	Next:	Re: Sun sendmail vulnerability From: Bob Dew <rdew @ alw . nih . gov>