I received this yesterday from an employee of Sendmail Inc. FYI.
Personally I think it's a marketing ploy... ;)

---------- Forwarded message ----------
Date: Wed, 07 Jun 2000 18:42:25 -0700
From: Tasha Lockyer <tasha at sendmail.com>
To: rhlcustomers at sendmail.com
Subject: Linux/Sendmail Pro Security Alert

LINUX/SENDMAIL PRO SECURITY ALERT

The Problem

A serious bug has been discovered in the Linux kernel that can be used by local users to gain root access. The problem, a vulnerability in the Linux kernel capability model, exists in kernel versions up to and including version 2.2.15. This problem will affect programs that drop setuid state and rely on losing saved setuid, even those that check that the setuid call succeeded.

How This Affects You

Because this vulnerability can be used to attack any setuid root program that attempts to cede special permission, all sendmail users can be exploited. Please note that this is NOT a sendmail security issue, but rather a Linux issue that can manifest itself in the sendmail program. As a result, this problem can be exploited on Sendmail Pro for Red Hat Linux.

How To Fix It

To resolve this issue, upgrade your Linux kernel to version 2.2.16 immediately. If you are currently unable to obtain an upgrade from your vendor, we strongly recommend that you upgrade from Sendmail Pro to Sendmail Switch. Sendmail Switch 2.0.5 for Red Hat Linux includes a check for this vulnerability in the kernel and if it is present, refuses to run, thus making it impossible to use sendmail to exploit the problem.

Sendmail Single Switch is available only on the Sendmail Store for the special promotional price of $99. To purchase this product, please go to:
http://www2.sendmail.com/store/

For more information on the Sendmail Switch product line, please see:
http://www2.sendmail.com/products/routing/

--
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
derekm at mediaone.net | derek at cerberus.ne.mediaone.net
------------------------------------------------------
-
Subscription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
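
Added example, not part of the original message and not Sendmail's code: the alert says that checking the return value of setuid() is not enough when the saved set-user-ID survives the call. The sketch below shows one defensive pattern for a setuid program: drop, read the IDs back, confirm root cannot be regained, and refuse to run otherwise. The function name drop_privileges_verified is hypothetical, and supplementary groups are left out to keep it short.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (assumption, not sendmail code): permanently switch to
 * uid/gid, then verify the result instead of trusting the return codes.
 * Returns 0 when the drop is verified, -1 when the caller must not continue. */
int drop_privileges_verified(uid_t uid, gid_t gid)
{
    /* Group first: after setuid() we may no longer be allowed to change it. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* A zero return is not proof of a full drop, so read the IDs back. */
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;

    /* An unprivileged process can only setuid(0) if its real or saved
     * user ID is still 0. If this succeeds, the drop was incomplete. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (gid != 0 && setgid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to our own real IDs so it runs without root.
     * A real setuid-root daemon would pass its unprivileged service IDs. */
    if (drop_privileges_verified(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop could not be verified, refusing to run\n");
        return 1;
    }
    puts("privileges dropped and verified");
    return 0;
}
```
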