Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] GLSA: sendmail
Date: Sun, 13 Oct 2002 09:44:06
Message-Id: 20021013144402.C71A4336F6@mail1.tamperd.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE        :sendmail
SUMMARY        :smrsh bypass vulnerabilities
DATE           :2002-10-13 14:45 UTC

- - --------------------------------------------------------------------

It is possible for an attacker to bypass the restrictions imposed by
the Sendmail Consortium’s Restricted Shell (SMRSH) and execute a
binary of his choosing by inserting a special character sequence into
his .forward file.

Read the full advisory at
http://www.sendmail.org/smrsh.adv.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail-8.12.6 and earlier update their systems
as follows:

emerge rsync
emerge sendmail
emerge clean

- - --------------------------------------------------------------------
aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9qYe0fT7nyhUpoZMRAikZAJ401MoPiOSGimzqUq25IPj7sNIrIwCghsXn
pXPevOcEyJm89c2k67OIA9g=
=8Hz5
-----END PGP SIGNATURE-----