The debian-private mailing list leak, part 1.


more sendmail holes



>From snowcrash.cymru.net!alan Tue Sep 17 04:50:26 1996
Return-Path: <alan@snowcrash.cymru.net>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0v2yfI-00061xC; Tue, 17 Sep 96 04:50 PDT
Received: from snowcrash.cymru.net by pixar.com with SMTP id AA22835
  (5.67b/IDA-1.5 for bruce@mongo.pixar.com); Tue, 17 Sep 1996 04:50:04 -0700
Received: (from alan@localhost) by snowcrash.cymru.net (8.7.1/8.7.1) id MAA29072; Tue, 17 Sep 1996 12:25:27 +0100
Date: Tue, 17 Sep 1996 12:25:27 +0100
From: Alan Cox <alan@cymru.net>
Message-Id: <199609171125.MAA29072@snowcrash.cymru.net>
To: ewt@redhat.com
Subject: Sendmail
Cc: bruce@pixar.com, bs@suse.de, mark@wgs.com, ron@caldera.com
Status: R

Seems best I send you this as is, but I've chopped some bits out to be safe.
Replies to me ASAP please.

Cert writes:

This afternoon, Eric Allman put additional patches into version 8.7.6. These
address additional buffer overflows whose exploitation has come to his
attention. The changes were already in 8.8, and he has backported them to
8.7.6. 

revise the advisory quickly when we receive updated information from you.  We
will try to revise information in Appendix A the same day we hear from you, and
we will certainly update the advisory no later than 48 hours after we receive
your new information.

in sendmail that affects all versions (including 8.6 and 8.7, through 8.7.5).
By exploiting the first of these vulnerabilities, users who have local accounts
can gain access to the default user, which is often daemon. By exploiting the
second of these vulnerabilities, any local user can gain root access.

     There are two vulnerabilities in all versions of sendmail up to and
     including sendmail 8.7.5. The first vulnerability is a resource starvation
     problem and the second is a buffer overflow problem.

     Resource Starvation
     -------------------
	XXXXXXXXXXXXXX

     Buffer Overflows 
     ---------------- 
     There are several buffer overflows present in sendmail 8.7.5 and earlier.
     Some of the buffer overflows could result in local users gaining
     unauthorized root access on a machine.