another cert advisory?!?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Neal Becker
Date:  
À: exim-users
Sujet: another cert advisory?!?
I. Description

     Sendmail is often run in daemon mode so that it can "listen" for
     incoming mail connections on the standard SMTP networking port, usually
     port 25. The root user is the only user allowed to start sendmail this
     way, and sendmail contains code intended to enforce this restriction.


     Unfortunately, due to a coding error, sendmail can be invoked in daemon
     mode in a way that bypasses the built-in check. When the check is
     bypassed, any local user is able to start sendmail in daemon mode. In
     addition, as of version 8.7, sendmail will restart itself when it
     receives a SIGHUP signal. It does this restarting operation by
     re-executing itself using the exec(2) system call. Re-executing is done
     as the root user. By manipulating the sendmail environment, the user can
     then have sendmail execute an arbitrary program with root privileges.