How is sendmail broken this time
Kris
kancer at kancer.978.org
Wed Jun 21 15:11:22 EDT 2000
If I am not mistaken, that is the "Linux Capabilites" bug
running suid root. You have 2 choices, upgrade sendmail or your kernel.
Please see this page:
http://www.sendmail.org/sendmail.8.10.1.LINUX-SECURITY.txt
please note this:
Sendmail 8.10.2 has added a check to see if the kernel has this bug, and
if so will refuse to run. This version also does more detailed checks on
certain system calls, notably setuid(2), to detect other possible attacks.
Although there are no known attacks, this version is strongly recommended,
whether or not you have a vulnerable kernel.
-Good luck
Kris Loranger
Network Systems Engineer
Belenosinc.com
kris at kancer.978.org
IRC:efnet, #978 AIM:KancerKris
Run Linux, keep the net free!
On Wed, 21 Jun 2000, John Chambers wrote:
>
> This is on a newly-installed Mandrake 7.0 linux:
>
> : Mail -v jc at localhost
> Subject: Hi again.
>
> Hi there.
> Cc:
> send-mail: warning: sendmail is set-uid root, or is run from a set-uid root process
> send-mail: open maildrop/4A31ED64A
> :
>
>
> Any idea what's broken here, and how to fix it? No mail gets
> delivered.
>
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
>
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list